The news came on 30 April through a press release from the ICANN Board announcing that it had taken the decision to reject the sale of Public Interest Registry (PIR), the .ORG registry, to the private equity firm Ethos Capital.

As a reminder, at the end of 2019, the announcement of the sale of the .ORG registry to Ethos Capital sparked a real debate and raised several concerns among NGOs, such as an increase in .ORG prices and the implementation of rights protection policies that could lead to a form of censorship (all the articles on this subject are available on the blog).

In mid-April, while the organization had to decide whether or not to approve the sale of the registry, the transaction was still pending. ICANN allowed itself additional time to complete its review, after receiving numerous letters of opposition, including one from California’s Attorney General, Xavier Becerra.

The decision to reject this deal was finally announced on Thursday 30 April “as a result of various factors that create unacceptable uncertainty over the future of the third largest gTLD registry”.

One of the main reasons for this decision is the “change from the fundamental public interest nature of PIR to an entity that is bound to serve the interests of its corporate stakeholders, and which has no meaningful plan to protect or serve the .ORG community.”

Among the reasons for this rejection is also the issue of financing, since this transaction could compromise the financial stability of the registry. Indeed, the proposed sale would change PIR from a not-for-profit entity to a for-profit entity with a $360 million debt obligation, which would not benefit PIR or the .ORG community, but the financial interests of Ethos and its investors.

Furthermore, the PIR proposal to implement a “Stewardship Council”, which aimed to make the entity more accountable to the community, did not convince ICANN either. According to the organization, this council “might not be properly independent”.

ICANN’s decision is therefore a victory for the .ORG community and Electronic Frontier Foundation, which does not stop there and adds “the .ORG registry still needs a faithful steward, because the Internet Society has made clear it no longer wants that responsibility. ICANN should hold an open consultation, as they did in 2002, to select a new operator of the .ORG domain that will give nonprofits a real voice in its governance, and a real guarantee against censorship and financial exploitation.”

Choosing the right TLD based on DNS performance
Thu, 30 Apr 2020 18:22:00 +0000

Comparative analysis of the famous Top Level Domains (.com, .fr…)

For high-visibility websites, load time is the crux of the battle. It is an organic search ranking factor acknowledged by Google, and it can be significantly affected by DNS resolution. Relying on a first-class DNS infrastructure is necessary, but the choice of the extension associated with a domain name also matters: not all registries perform equally well in terms of DNS, and some show disappointing performance. The number of TLDs on offer (nearly 1400) has greatly increased since ICANN’s New Extensions Program. The analysis follows.

A quick look at DNS resolution time and its impact on load time

Resolving a domain such as nameshield.net follows several steps before the content server can be contacted. The DNS resolver contacts the root DNS servers (.), then the DNS servers of the registry of the extension concerned (.net) in order to obtain the list of DNS servers responsible for the domain, and finally these DNS servers to obtain the requested response. Admittedly, the response obtained is cached by the DNS resolver (generally managed by the Internet Service Provider), but this will not always be the case, depending on the popularity of your domain.

This means that if the DNS for the top-level domain (.net) is slow, it may actually delay DNS resolution for the domain itself and, in the very unlikely worst-case scenario, even cause an outage. There’s not much you can do about this, apart from choosing the right TLD.

Comparative Analysis

Bunny CDN, a Slovenian content delivery player, conducted the following surprising analysis. Relying on their global network, they monitored DNS performance worldwide from more than 50 sites and networks.

For each TLD, their system chose a random name server published for that top-level domain and queried a random domain name. The results were grouped by region and the data recorded every 10 seconds.

Results

They tested 42 of the most popular top-level domains and then aggregated the results into a global median average and an 85-percentile aggregation (the 15% slowest responses were not taken into account). These tests were conducted only from their network, so a more complete study would certainly be worthwhile, but they provide a good overview.
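The measurement and aggregation described above can be reproduced with a few functions. This is an added example, not BunnyCDN's or Nameshield's code: the function names, the nearest-rank reading of "85-percentile", the use of an NS query for a random label, and the sample latencies are all assumptions made for illustration, and the name server addresses passed to `probe_tld` must be supplied by the reader.

```python
import random
import socket
import statistics
import string
import struct
import time
from collections import defaultdict


def build_query(qname, qtype=2, txid=None):
    """Encode a DNS query in wire format (QTYPE 2 = NS, class IN, RD clear)."""
    if txid is None:
        txid = random.randrange(0x10000)
    # Header: transaction id, flags, 1 question, no other records.
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def time_query(server_ip, qname, timeout=2.0):
    """Round-trip time in ms of one UDP query, or None on timeout/mismatch."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        try:
            sock.sendto(query, (server_ip, 53))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # covers timeouts and unreachable servers
            return None
        elapsed_ms = (time.perf_counter() - start) * 1000
    # Only count a reply that echoes our transaction id.
    return elapsed_ms if reply[:2] == query[:2] else None


def probe_tld(tld, server_ips):
    """One probe as described above: random name server, random name."""
    label = "".join(random.choices(string.ascii_lowercase, k=12))
    return time_query(random.choice(server_ips), f"{label}.{tld}")


def aggregate(samples_ms):
    """Median and 85th percentile (nearest rank) of a list of RTTs."""
    ordered = sorted(samples_ms)
    rank = (85 * len(ordered) + 99) // 100  # ceil(0.85 * n) without floats
    return {"median": statistics.median(ordered), "p85": ordered[rank - 1]}


def summarize(records):
    """Aggregate (tld, region, rtt_ms) records per region and globally."""
    buckets = defaultdict(list)
    for tld, region, rtt in records:
        buckets[(tld, region)].append(rtt)
        buckets[(tld, "global")].append(rtt)
    return {key: aggregate(values) for key, values in buckets.items()}


def rows(tld, region, values):
    """Expand a list of RTTs into (tld, region, rtt_ms) records."""
    return [(tld, region, v) for v in values]


# Constructed RTT samples in ms (not BunnyCDN data). "tld-b" models a TLD
# where some name servers answer slowly: the median hides it, p85 does not.
CONSTRUCTED = (
    rows("tld-a", "EU", [12, 14, 13, 15, 16, 14, 13, 15, 14, 12])
    + rows("tld-a", "ASIA", [40, 42, 41, 45, 43, 44, 40, 42, 41, 43])
    + rows("tld-b", "EU", [20, 22, 21, 180, 23, 210, 20, 24, 190, 22])
)

if __name__ == "__main__":
    for key, stats in sorted(summarize(CONSTRUCTED).items()):
        print(key, stats)
```

Comparing the median with the 85th percentile per region is what exposes a TLD whose name servers are unevenly fast, which a single average would hide.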

Source: BunnyCDN

The results were quite surprising

The most surprising domains are .info and .org, which have shown really poor performance, especially in the 85 percentile range, despite their seniority and the millions of domains registered. It seems that 4 of the 6 name servers function extremely poorly, which explains the poor results.

The .net and .com have been very slightly slower than expected in Europe and North America, but otherwise offer excellent and stable performance in all regions, visible in the global median. .net and .com have much larger networks, but remain a very interesting choice for absolute maximum performance.

Less expected is the performance of the .co, .biz and .in TLDs, well ahead of the others.

Some new domains (.online, .top, .blog…), which are attractive from a marketing point of view and growing strongly, show disappointing performances…

… on the other hand, very good surprises for .live, .email, .news, managed by Donuts Inc or .club and .buzz managed by Neustar Inc, with, however, a very important decrease in performance in regions outside Europe and North America, which further aggravates the problem.

42 of the most popular TLDs among the 1400+ available have been tested. Without drawing any definitive conclusions, we can assume that many may not work much better.

Conclusion

Do you need to revolutionize the management of your domain name portfolio and the choice of TLDs for your most visible websites? Should you switch everything to .biz or .co immediately to increase performance?

Certainly not. First of all, DNS responses are heavily cached: especially for very popular websites, resolvers may not need to reach many top-level name servers. Then, the choice of a domain name is primarily driven by marketing imperatives (brand, geographical area, name availability) that are often far more impactful than the additional 50 milliseconds of loading time for the first page to load.

However, if you are trying to compress absolutely every last bit of performance and ensure high reliability in a system where every last millisecond counts, then you may want to think twice before choosing your domain. The differences aren’t huge, but if you’re aiming for that one-second loading time, things can add up to 200 ms in some cases.

Choosing the right TLD based on DNS performance is indeed a good thing, but probably not a cause for too much concern.

As a registrar, Nameshield has an accurate view of the typology of abandoned domain names and domain names kept by their holders when they clean up their portfolio.

As in all sectors of activity, phenomena that could be said to be “trendy” can even be seen in cybersquatting and therefore in domain names that are abandoned or maintained.

Let’s take the example of typosquatting. There was a time when it was essential to register domain names that included your trademark with as many typographical variants as possible (if your trademark contained the letter O, it was important to register a version with the number 0 instead of the O, etc.), because cybersquatters were then very focused on this type of hijacking attempt. A decade later, cybercrime has changed and, while it is still important to register typographical variants, only the most pertinent ones are relevant today. As a result, many companies have abandoned the most distant variants.

The same goes for extensions. At certain periods, the risks of cybersquatting are greater depending on the registration conditions. A “first-come, first-served” extension is more at risk than a TLD requiring, for example, a locally registered trademark. Since domain name registration rules are set by each registry, they are likely to change over time, and abandonments may follow.

An interesting study published at the end of 2019 by Frank Moraes, indicated that considering the first 8 extensions, only 29.79% of registered domain names would be renewed each year. Of the remaining 70.21%, 41.22% would simply expire and 28.99% would be registered by a new holder.

Only one domain name out of three would therefore be renewed the year following its registration! However, the rates vary significantly and the highest renewal percentages are unsurprisingly for .NET (46.3%), .ORG (44.24%) and .INFO (34.56%).

On the contrary, the lowest renewal rates are for .CN (1.72%), .BIZ (16.6%) and .TOP (22.22%).

What about .COM? The .COM TLD undoubtedly remains the most popular extension. Although the study cited above only places .COM in fourth position in the percentage of renewals (certainly because of the sampling), the renewal rate of .COM is closer to 80% and is relatively stable from year to year.

A few months ago, in previous articles, we mentioned the sale by Internet Society of Public Interest Registry (PIR), the .ORG registry, to Ethos Capital, a private equity firm.

The .ORG is the reference extension for non-profit organizations and the .ORG registry represents more than 10.5 million domains. As a reminder, the announcement of the sale of the registry caused several concerns in the NGO community.

Faced with these many complaints, ICANN had already postponed the approval of the .ORG registry’s sale to Ethos Capital and requested additional information from Internet Society.

Further postponement of the .org registry’s sale after the intervention of the Attorney General of California

On Thursday 16 April, the ICANN Board was due to decide whether or not to approve the sale of the registry; at that meeting, it finally decided to postpone the decision again, until 4 May 2020. This fourth postponement was caused by a letter received the day before from California’s Attorney General, Xavier Becerra, asking ICANN to reject the sale. He explains that it “raises serious concerns that cannot be overlooked”.

“Empowering a for-profit entity that could undermine the accessibility and affordability of the .org domain, which serves nonprofits, should concern all of us” the Attorney General’s office told The Register.

The secret nature of Ethos Capital is a source of concern

In his letter, the Attorney General expressed several concerns about the transaction, including the secret nature of the proposed buyer, Ethos Capital: “Little is known about Ethos Capital and its multiple proposed subsidiaries”. Ethos Capital is criticized for its unusual corporate structure (the purchase involves six different companies, all of which were registered on the same day in October 2019) and its lack of transparency regarding its future plans.

In its notice published last Thursday, ICANN affirms having listened to the community and having demanded greater transparency and more guarantees from PIR. According to the organization, the Attorney General’s letter does not take into account the recent work that PIR has done regarding Public Interest Commitments, to make the entity more responsible to the community. ICANN requested PIR to strengthen these commitments, and a draft of the revised Public Interest Commitments has been provided to ICANN.

ICANN’s behavior and Internet Society criticized

ICANN has also been subject to a number of criticisms during the entire process, particularly as it appeared that the organization’s staff was pushing for approval of the transaction despite near universal opposition to it from the Internet community.

In addition, early last week, ICANN’s founding CEO Michael Roberts and original Board Chair Esther Dyson wrote a letter to Xavier Becerra criticizing the transaction and accusing their successors of abandoning ICANN’s core principles.

According to the Attorney General, this transaction will have an impact on ICANN’s reputation given the way the organization has handled the situation.

ICANN and Ethos are not the only ones criticized by the Attorney General’s office: Xavier Becerra also blames the Internet Society for proposing the sale of the .ORG registry to Ethos Capital: “ISOC purports to support the Internet, yet its actions, from the secretive nature of the transaction, to actively seeking to transfer the .ORG registry to an unknown entity, are contrary to its mission and potentially disruptive to the same system it claims to champion and support”.

Xavier Becerra’s letter does not threaten ICANN with action if it does approve the sale. However, it does indicate that the Attorney General of California holds significant authority over the organization and is prepared to act, particularly since this sale could affect hundreds of thousands of other non-profit organizations.

“Given the concerns stated above, and based on the information provided, the .ORG registry and the global Internet community – of which innumerable Californians are a part – are better served if ICANN withholds approval of the proposed sale and transfer of PIR and the .ORG registry to the private equity firm Ethos Capital. This office will continue to evaluate this matter, and will take whatever action necessary to protect Californians and the nonprofit community.”

In a notice published last Thursday, ICANN thus declared the postponement of its decision: “We have agreed to extend the review period to 4 May 2020, to permit additional time to complete our review.”

Every year, the Club of Experts in Information and Digital Security (CESIN) publishes its barometer of companies’ cybersecurity in order to better understand the perception and concrete reality of cybersecurity and its issues within CESIN member companies.

Last January, CESIN unveiled the results of its OpinionWay survey, carried out from the 2nd of December 2019 to the 7th of January 2020 among its 253 members, Chief Information Security Officers (CISOs) of major French groups.

Cyberattacks: Fewer companies affected but still heavily impacted

First of all, the study highlights a positive figure: the decline in the number of companies that suffered at least one cyberattack in 2019, i.e. 65% of the companies surveyed compared to 80% in 2018 (note, however, that this difference in results is nuanced by the addition of the definition of cyberattack in the survey conducted in January 2020).

On the other hand, the impact of these cyberattacks remains significant since 57% of these attacks have consequences on business such as disruption of production (27%), website unavailability (17%) and revenue loss (9%).

The companies affected faced 4 types of cyberattacks on average over 12 months. Among the attack vectors, phishing remains the most frequent, with 79% of companies affected in 2019, followed by CEO fraud (47%), the exploitation of a vulnerability (43%) and fraudulent login attempts (40%).

The main consequences of these attacks are identity theft (35%), malware infection (34%), personal data theft (26%), ransomware infection (25%) and denial of service (19%).

Cloud, IoT and AI, issues of concern

With the digital transformation, the use of the Cloud is important within companies: 89% of companies surveyed store their data in a Cloud, including 55% in public Clouds.

This massive use of the Cloud still represents a high risk due to a lack of control over the hosting provider’s subcontracting chain (for 50% of CISOs), the difficulty of conducting audits (46%) and the lack of control over the use of the Cloud by employees (46%). For 91% of respondents, the tools implemented by Cloud hosting providers are not sufficient to secure the data stored, and specific additional tools or measures are necessary.

Connected objects are also a growing concern, increasing the attack surface and creating new types of threats. The CISOs surveyed are concerned about the security breaches present in this equipment (43%) and the uncertainty in the assessment of potential risks (28%).

The study also shows that the embedded AI at the heart of cybersecurity solutions has yet to prove its worth since 53% of CISOs do not trust it.

An awareness of cyber-risks

To prevent the risk of attacks, companies implement an average of a dozen protection solutions, in addition to antivirus and firewalls. Among them are the mail security gateway (85%), the VPN/SSL gateway (85%), proxy and URL filtering (83%), and multi-factor authentication. The latter, adopted by 72% of companies, has increased by 13% compared to 2018.

More aware of cyber risks, 91% of the companies surveyed are implementing a cyber-resilience program in parallel with protection solutions or are considering doing so, that’s 12 points higher than last year.

Awareness of cyber risks is also reflected in the steady increase over the last three years in the number of companies having subscribed to cyber-insurance (60%).

Despite this, only 4 out of 10 companies say they are prepared in case of a large-scale cyberattack.

Employee awareness

In addition to the external threat, for 43% of companies, employees’ negligence is the most common cyber risk.

Shadow IT, i.e. the deployment and use of applications and services beyond the control of IT teams, is mentioned by 98% of the CISOs surveyed and remains a significant threat to be dealt with.

Yet even though they are aware of cyber risks (according to 74% of respondents), only half of employees comply with the recommendations, according to CISOs.

Issues for the future of cybersecurity

Governance is the first issue mentioned by CISOs (70%) for the future of cybersecurity, followed by users’ training and awareness raising on cybersecurity issues (57%).

Increasing the budget is another major issue for 50% of respondents. The proportion of the IT budget allocated to cybersecurity has increased in companies compared to last year. 62% of them plan to increase it further in the next 12 months and 83% want to acquire new technical solutions.

In terms of human resources, one out of two companies (51%) would like to increase the number of staff dedicated to cybersecurity, but 90% face a shortage of Information Systems Security profiles, leading to recruitment difficulties.

COVID19.com – The domain name registered by a third party redirects to the website of the World Health Organization (WHO)
Wed, 01 Apr 2020 19:10:00 +0000

Image source: geralt via Pixabay

“Domainers” are always a step ahead when it comes to taking advantage of a good or bad situation. For example, some will anticipate elections by registering the names of political figures, others by taking advantage of a sport or cultural event. Consequently, regarding domain names, there will be opportunities for speculative registrations.

In the case of “COVID19.com”, it seems clear that by registering this domain name on February 11, 2020, the holder wanted to speculate on the “COVID 19” virus, a term that can generate multiple requests in any language. The name is available for sale for $10,000 USD.

However, instead of simply redirecting the domain name to commercial links, the holder chose to redirect this strategic name to the World Health Organization (WHO) website. Is this a citizen’s initiative? Unlikely, because given the current context, using such a name to make a direct profit through commercial links could lead to a violation of the Registrar’s registration conditions.

Even if the holder does not immediately profit from this domain name, he will at least have managed to draw our attention for the length of an article.

.ZA websites will have to propose a link towards the COVID-19 official website implemented by the government
Wed, 01 Apr 2020 18:57:00 +0000

Image source: 12019 via Pixabay

Since last Thursday, the South African government has required all websites using .ZA domain names to display a link to the official Covid-19 information website set up by the government: www.sacoronavirus.co.za

This new rule applies to all .ZA websites, regardless of their content.

The two other extensions managed by the ZADNA registry, .JOBURG and .CAPETOWN, are also affected by this rule.

In the same vein, the registry also invites Internet service providers to block any website that spreads fake news.

Lastly, it is interesting to note that the government’s COVID information website is not www.coronavirus.co.za but www.sacoronavirus.co.za. This is because the domain name www.coronavirus.co.za has been registered by a domainer who proposes on his website to resell the name in question.

Like any crisis or major news event, COVID-19 led to a massive registration of domain names containing the associated terms, with some unscrupulous players seeking to take advantage of the situation.

Unsurprisingly, during this unprecedented and complicated period, there has been a high increase in the number of cybercriminal attacks of all kinds.

Let’s Encrypt, do not confuse confidentiality and security
Wed, 18 Mar 2020 19:30:00 +0000

Let’s Encrypt was recently the talk of the small world of TLS certificates after suddenly revoking 3 048 289 certificates. A bug in its validation software prevented CAA record checks, and the certificates in question should not have been issued in the first place. Significant disruptions resulted from this mass revocation, but it is difficult to complain about a free service.
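To make the CAA control mentioned above concrete, here is an added example (not Let's Encrypt's code and not part of the original article) of the decision a CA has to make before issuing, following the lookup rules of RFC 8659. The zone contents, the helper names and the `other-ca.example` identifier are constructed for illustration.

```python
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed CAA data: name -> list of (flags, tag, value). Not real DNS.
ZONE = {
    "example.com": [
        (0, "issue", "letsencrypt.org"),
        (0, "issuewild", ";"),  # nobody may issue wildcards
        (0, "iodef", "mailto:security@example.com"),
    ],
    "shop.example.com": [(0, "issue", "other-ca.example; policy=ov")],
    "legacy.example.net": [(128, "futuretag", "x")],  # critical, unknown
}


def relevant_caa_set(fqdn, zone):
    """Climb from the name toward the root; the first non-empty set wins."""
    labels = fqdn.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []


def issuer_domain(value):
    """Issuer domain of an issue/issuewild value, ignoring ';' parameters."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(fqdn, ca_domain, zone):
    """Return (allowed, reason) for a CA identified by ca_domain."""
    name, records = relevant_caa_set(fqdn, zone)
    if not records:
        return True, "no CAA records on the name or its parents"
    # A critical property the CA does not understand forbids issuance.
    for flags, tag, _ in records:
        if flags & 0x80 and tag.lower() not in KNOWN_TAGS:
            return False, f"critical unknown property '{tag}' at {name}"
    issue = [issuer_domain(v) for _, t, v in records if t.lower() == "issue"]
    wild = [issuer_domain(v) for _, t, v in records if t.lower() == "issuewild"]
    # issuewild, when present, replaces issue for wildcard requests only.
    allowed = wild if (fqdn.startswith("*.") and wild) else issue
    if not allowed:
        return True, f"CAA set at {name} does not restrict this request"
    if ca_domain.lower() in allowed:
        return True, f"{ca_domain} authorized at {name}"
    return False, f"{ca_domain} not authorized at {name}"


if __name__ == "__main__":
    for host in ("www.example.com", "*.example.com", "pay.shop.example.com",
                 "legacy.example.net", "unrelated.example.org"):
        print(host, may_issue(host, "letsencrypt.org", ZONE))
```

Note that the set found closest to the requested name is the only one consulted: `pay.shop.example.com` is governed by the record at `shop.example.com`, not by the parent's.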

I am often asked what I think of Let’s Encrypt, and I always give the same answer: Let’s Encrypt has done a lot to encrypt the web, but is undermining the security of the web. Encryption ensures the confidentiality (no one can eavesdrop) and integrity (no one can modify) of exchanges. But encryption alone is not enough if I do not have any guarantee of the identity of the party I am exchanging with (legitimate or fraudulent?)… And that is the whole problem.

In 2015, the Let’s Encrypt initiative, supported by leading players of the Internet (EFF, Mozilla, Cisco, Akamai…), was created with the purpose of massively and freely spreading SSL certificates to the whole world. More than five years later, the organization secures 190 million websites and has just announced that it has issued a billion certificates. The milestone was reached on February 27, 2020. This is undoubtedly a great performance.

96% of the web encrypted in January 2020

In 2015, less than half of web traffic was encrypted; the share reached 96% in January 2020. Of course, Let’s Encrypt is not the only player responsible for this rise. Edward Snowden raised the first alarm, and Google largely stepped into the breach with its ranking policy and changes to web security indicators. But by providing free certificates to all through a largely automated system, Let’s Encrypt has democratized encryption… and consigned the concept of identity to oblivion.

No identity, no security

Let’s Encrypt’s credo is simplicity, to “simplify to the extreme HTTPS deployment and put an end to its horribly complex bureaucracy” (says EFF in the launch campaign). The horribly complex bureaucracy does, however, have a purpose: high authentication, which guarantees the identity of the certificate’s holder. Maybe not an absolute guarantee of legitimacy, nor a guarantee of content, but the guarantee of a registered company that is the legitimate owner of the domain name concerned, with a certificate validated according to a drastic procedure.

Let’s Encrypt merely verifies control of the domain name (DV, Domain Validation). One only has to click on a link in an email or add a TXT record to the domain name’s DNS zone. Yet domain name registration in most TLDs is purely declarative. It is quite easy to register a domain name, request a certificate from Let’s Encrypt and publish a website in HTTPS://.

The results?

In five years, all phishing and fraudulent websites have switched to HTTPS://. As early as 2016, Vincent Lynch raised the alert on this problem: 15 270 certificates containing the term “Paypal” had been issued by Let’s Encrypt, and 14 766 of these certificates were fraudulent.

The market has been dragged down in terms of authentication level. Let’s Encrypt is far from being the only one responsible: Google and Mozilla, with their 70% market share, have largely supported the initiative; the big Cloud hosting providers followed, as did the Certification Authorities, challenged on prices. Today we have a secure web with 77% (November 2019) of certificates for which the owner’s legitimacy is not verified.

High authentication changes the game

The web has become encrypted by default. Does that make it more secure? Nothing is certain. The web user, educated for twenty years to check for the padlock in the address bar, trusts a web where all the fraudulent websites display the security padlock. Today, the Internet is confidential, but that does not make it safe.

It is urgent to return to high authentication. High authentication ensures a set of compulsory, drastic and controlled steps in order to obtain certificates. The procedures are enacted by CA/B Forum, regularly strengthened, and followed by audit from Certification Authorities.

23% of the certificates are still issued on the basis of high authentication, mostly in the corporate world, where CISOs are pushing to preserve it. We all have to rely on them and back initiatives supporting OV (Organization Validation) and EV (Extended Validation) certificates, especially EV, to guarantee the identity of the websites visited by web users. While identity on the Internet seems to have been somewhat forgotten for some time in favor of confidentiality, it is likely to come back into the spotlight soon, driven in particular by web users and the need for personal data protection.

Through our experience gained from world-renowned customers with ever-increasing security requirements, we have also become technical experts in Information security. That is why we have implemented an Information Security Management System (ISMS).

In 2017, we obtained the ISO 27001 certification of this ISMS for our activities of domain names portfolio, DNS and TLS/SSL certificates management. Nameshield Group has thus become the sole French registrar ensuring such a level of security for its customers.

Since then, our employees involved in the ISMS continuously contribute to the constant improvement of our security arrangements.

An analysis of the risks and of their treatment, following the EBIOS method, addresses our security goals and those of our clients.

We continuously adapt to security, performance and sustainability needs. This results in the deployment of more secure products and services, with higher added value, that meet our clients’ expectations ever more closely.

We know how to mobilize ourselves in case of incidents and learn to always do better by analyzing the processing of each alert.

We have a business continuity plan and keep it under control. Therefore, we are able to carry out our activities remotely (backup site, telecommuting, redundant servers…), whatever the threats.

Information security is the DNA of Nameshield Group and all its employees.

Logically, our ISO 27001 certificate was renewed for 3 years last February, with no non-conformity or comment notified.

At the end of 2019, the announcement of the sale of Public Interest Registry (PIR), the .org registry, by Internet Society to Ethos Capital, a private equity firm, created a debate, which was also the subject of a previous article on this blog.

As a reminder, this announcement raised several concerns among NGOs, such as an increase in .ORG prices and the implementation of rights protection policies that could lead to a form of censorship, as is already the practice in some countries. These fears led the Electronic Frontier Foundation (EFF) to launch the SaveDotOrg campaign to raise awareness about the potential impact of this sale. To date, 846 organizations and 25 119 people have signed this petition calling on Internet Society to stop the sale.

Faced with these many complaints, ICANN postponed the approval of the .ORG registry’s sale to Ethos Capital and requested additional information from Internet Society.

In response to these criticisms, Ethos Capital and Public Interest Registry try to reassure by proposing the implementation of “Public Interest Commitments” (PIC), binding commitments which would ensure that the .org prices’ increase would be limited.

Among these commitments, they also propose the creation of a “Stewardship Council” (a council for the .org management) which could influence decisions taken by PIR and thus ensure the preservation of freedom of expression.

These PIC would be added to the Registry Agreement, the contract between the registry and ICANN regarding the functioning of the registry.

A for-profit registry to defend non-profit organizations?

During the last ICANN summit, organized remotely from 7 to 12 March 2020 because of the Covid-19 pandemic, several NGOs, including EFF, mentioned this .ORG registry’s acquisition by Ethos Capital and asked ICANN about how it plans to review the change of control of the .ORG registry.

According to EFF, forming a “Stewardship Council” will not resolve the NGOs’ concerns. Indeed, the initial members of this council will directly or indirectly be selected by PIR and PIR will have the ability to veto new council members, which would thus ensure that the council will stay in lockstep with PIR.

Regarding the .ORG prices, according to NGOs, the implementation of the PIC doesn’t ensure that price increases will be limited. An amendment to the Registry Agreement can be negotiated at any time by the registry’s owner and ICANN, despite public opposition. That’s what happened in June 2019, when the .ORG Registry Agreement was revised to diminish registrants’ rights and remove price caps. Furthermore, ICANN indicated in 2019 its interest in exiting the role of price regulation, but the PIC implementation would place ICANN back into that role.

Therefore, according to NGOs, these “Public
Interest Commitments” would not protect adequately the .org community.

The NGOs’ questions remained without answer
during the last ICANN summit, and this acquisition is still under review by
ICANN.

“We acknowledge the questions and concerns that are being raised” says ICANN. “To ease those concerns and maintain trust in the .ORG community, we urge PIR, ISOC, and Ethos Capital to act in an open and transparent manner throughout this process. […] We will thoughtfully and thoroughly evaluate the proposed acquisition to ensure that the .ORG registry remains secure, reliable, and stable.”

Apple announced this week that the maximum
lifetime of SSL / TLS certificates on its devices and Safari browser would
be limited to 398 days (1 year, and 1 month to cover the renewal period). The
change, announced by Apple at the CA / Browser Forum meeting in Bratislava,
Slovakia, will take effect for certificates
issued after August 31, 2020.

Apple’s announcement follows the failure of the CA / B Forum’s vote on one-year certificates (Ballot SC22), which was held in August 2019, and reflects a continuing trend to shorten certificate lifespans. Following this vote, Google had also expressed its intention to reduce certificate lifetimes outside the framework of the CA / B Forum if the Forum did not take a position quickly. This announcement is a bit of a surprise: we would rather have expected Google or Mozilla to take the first step.

What are the consequences for companies and their SSL / TLS certificates?

Is shorter validity a good thing?

The shorter the validity period of a certificate, the more secure the certificate. Requiring certificates to be replaced over a shorter period means that security updates to certificates are deployed faster. A shorter private key lifetime is also strongly recommended by online security players, to limit the potential duration of fraud following a compromise.

From a security perspective, everyone agrees that reducing the life of certificates is a good thing. The problem lies on the operational side, where the consequences of this reduction are more frequent intervention on certificates, and therefore greater complexity in keeping an up-to-date inventory and the need for optimal organization with partners for certificate issuance.

Should Apple’s announcement be taken into account?

Safari is one of the two main web browsers, with 17.7% in January 2020, behind Google Chrome (58.2%) and ahead of Microsoft Internet Explorer and Edge (7.1%). It is difficult to ignore the announcement, as it will affect 1/5 of Internet users; what is more, if Google follows, it is better to anticipate and prepare. Nameshield has already adopted this stance.

Things to keep in mind

Certificates issued
before September 1, 2020 are not affected by this change. They will remain valid for the entire
two-year period. All certificates issued
on or after September 1 must be renewed each year to be considered reliable
by Safari.

We must therefore prepare to move towards
having certificates with a maximum duration of one year compared to the current
two years. Being able to rely on a partner and effective tools is more
essential than ever.
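To prepare an inventory for this change, the rule above can be applied to each certificate's issuance and expiry dates. The following is an added example, not Nameshield's or Apple's code: it uses only the Python standard library, the hostnames and dates in the sample inventory are constructed, and the 30-day renewal warning window is an assumption.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Values stated in the article: the limit applies to certificates issued on or
# after September 1, 2020, and the maximum lifetime is 398 days.
POLICY_START = datetime(2020, 9, 1, tzinfo=timezone.utc)
MAX_LIFETIME = timedelta(days=398)


def parse_cert_time(text):
    """Parse an X.509 date as printed by OpenSSL, e.g. 'Sep  1 00:00:00 2020 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)


def classify(cert):
    """Return (status, lifetime_in_days) for one certificate.

    `cert` uses the 'notBefore' / 'notAfter' keys found in the dictionary
    returned by ssl.SSLSocket.getpeercert().
    """
    issued = parse_cert_time(cert["notBefore"])
    expires = parse_cert_time(cert["notAfter"])
    lifetime = expires - issued
    if lifetime <= timedelta(0):
        return "invalid-dates", lifetime.days
    if issued < POLICY_START:
        # Issued before September 1, 2020: not affected by the change.
        return "exempt", lifetime.days
    if lifetime > MAX_LIFETIME:
        # Issued under the new rule with a lifetime above 398 days.
        return "too-long", lifetime.days
    return "compliant", lifetime.days


def audit(inventory, today, warn_days=30):
    """Classify every certificate and flag those expiring within warn_days.

    warn_days is an assumption of this example, not a value from the article.
    """
    report = {}
    for host, cert in inventory.items():
        status, lifetime_days = classify(cert)
        days_left = (parse_cert_time(cert["notAfter"]) - today).days
        report[host] = {
            "status": status,
            "lifetime_days": lifetime_days,
            "days_left": days_left,
            "renew_soon": 0 <= days_left <= warn_days,
        }
    return report


# Constructed sample inventory (hostnames and dates are illustrative only).
SAMPLE_INVENTORY = {
    "www.example.test": {"notBefore": "Aug 15 00:00:00 2020 GMT",
                         "notAfter": "Aug 15 00:00:00 2022 GMT"},
    "shop.example.test": {"notBefore": "Sep  1 00:00:00 2020 GMT",
                          "notAfter": "Sep  1 00:00:00 2022 GMT"},
    "api.example.test": {"notBefore": "Sep 10 00:00:00 2020 GMT",
                         "notAfter": "Oct 13 00:00:00 2021 GMT"},
    "mail.example.test": {"notBefore": "Sep 10 00:00:00 2020 GMT",
                          "notAfter": "Oct 14 00:00:00 2021 GMT"},
}

if __name__ == "__main__":
    now = datetime(2021, 9, 20, tzinfo=timezone.utc)
    for host, row in audit(SAMPLE_INVENTORY, now).items():
        print(host, row)
```

The same two dates can be read from a certificate file with `openssl x509 -noout -dates` and passed to `classify` unchanged.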

Towards the end of the correlation between authentication and technical
certificate management

What seems to be taking shape within the CA / B
Forum is the idea of allowing an authentication duration identical to that
which we know today (two years) while forcing the certificates to be replaced
several times during this same period.

The main Certification Authorities, the bodies
that issue certificates, anticipate these changes and are working on several
automation systems to manage certificate life cycle. They would thus limit the
need to go through a potentially cumbersome re-authentication procedure with
each replacement. Companies could replace their certificates as many times as
they want during this period. This would make it possible to anticipate possible
further reductions in the maximum lifetime of certificates.

The trend is also towards the installation of
automation tools for the maintenance of a precise inventory of certificates on
the one hand and technical reinstallation on the other. Nameshield is closely
monitoring these various developments and will allow you to continue working
with confidence.

Our team is also at your disposal to anticipate these changes and answer any questions you may have.

Following the announcement on Sunday February
16, of Agnès Buzyn’s candidacy to Paris municipal elections, several political journalists
discovered on Monday that the domain name buzyn2020.fr was registered but
redirected towards “Paris en commun”,
the campaign website of another candidate, Anne Hidalgo.

Several other names were registered on Sunday
night, also redirecting towards Paris en
commun’s homepage like buzyn2020.paris, agnesbuzyn2020.fr and
agnesbuzyn2020.com.

If several of these names were anonymously registered, two of them were registered by the association “Montreuil en Commun”, a group of “four municipal councilors” who claims to be “without any political label” and explains to Numerama the fact that these names were available “indicates the improvisation of her candidacy and LREM’s lightness regarding a serious matter such as a candidacy to run for Paris’ mayor”.

Raising awareness to cybersquatting risks

The LREM candidate will not be able to use the
domain name buzyn2020.com either, which was registered on Monday by Crisalyde, a
risk and crisis management consulting company.

“I took the opportunity to raise awareness. It’s my job, I saw a risk and I took advantage of it”, explains Selim Miled, Crisalyde’s CEO, to the Parisien.

Cybersquatting is a practice that consists in
taking a domain name by registering it, using or mentioning a trademark, a
business name, a patronym or any name on which the applicant has any right, in
order to make material or moral profit from its current or future notoriety.

Thus, Crisalyde registered 6 domain names: buzyn.paris,
agnesbuzyn2020.paris, buzynpourparis.com, buzynpourparis.fr, buzyn2020.info and
buzyn2020.com. “As soon as Agnès Buzyn’s
team contacts me, I will give them the domain name at the purchased price, with
a friendly advice” adds Selim Miled.

What strategy to adopt against cybersquatting?

Agnès Buzyn’s team will have to contact the
persons who registered these names, who may decide to graciously give them back
or resell them at prices they will have set.

However, legal actions exist to recover a cybersquatted domain name, such as the UDRP procedure (Uniform Domain Name Dispute Resolution Policy). This procedure makes it possible to have the domain name cancelled or transferred.

Lastly, in order to prevent any cybersquatting risk, it is recommended to set up domain name registration monitoring, so as to be alerted immediately of any new registration that could infringe your notoriety or your business.
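The core of such registration monitoring is matching each newly registered name against the names to protect. The following is an added sketch, not a description of any registrar's or Nameshield's service: the watch term and the first three domains come from the article, the other feed entries are constructed, and treating the last label as the TLD is a simplifying assumption.

```python
import unicodedata

# Assumption: names to protect, lowercase ASCII, at least 5 letters each.
WATCH_TERMS = ["buzyn"]


def registrable_label(domain):
    """Return the label just left of the TLD, decoded from punycode if needed.

    Simplification: the last label is treated as the TLD (no public-suffix list).
    """
    labels = domain.strip().rstrip(".").lower().split(".")
    if len(labels) < 2:
        return ""
    label = labels[-2]
    if label.startswith("xn--"):
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # keep the raw label if it is not valid punycode
    return label


def fold(label):
    """Strip accents, digits and hyphens so 'agnes-buzyn2020' becomes 'agnesbuzyn'."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if "a" <= c <= "z")


def within_one_edit(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):
            i += 1  # substitution: advance both strings
        j += 1      # insertion in the longer string: advance it alone
    return edits + (len(b) - j) <= 1


def match_term(domain, term):
    """Return 'contains', 'near' (one typo away) or None."""
    folded = fold(registrable_label(domain))
    if term in folded:
        return "contains"
    if len(term) < 5:
        return None  # fuzzy matching on very short terms is too noisy
    for size in (len(term) - 1, len(term), len(term) + 1):
        for start in range(len(folded) - size + 1):
            if within_one_edit(folded[start:start + size], term):
                return "near"
    return None


def monitor(new_registrations, terms=WATCH_TERMS):
    """Return (domain, term, kind) for every new registration worth reviewing."""
    alerts = []
    for domain in new_registrations:
        for term in terms:
            kind = match_term(domain, term)
            if kind:
                alerts.append((domain, term, kind))
    return alerts


# Sample feed of new registrations: the first three names appear in the
# article, the rest are constructed for this example.
SAMPLE_FEED = [
    "buzyn2020.fr",
    "agnesbuzyn2020.com",
    "buzynpourparis.fr",
    "agnes-busyn.example",
    "parisencommun.example",
    "xn--kpry57d.example",
]

if __name__ == "__main__":
    for alert in monitor(SAMPLE_FEED):
        print(alert)
```

"Near" matches are candidates for human review, not proof of bad faith; short or common watch terms will produce false positives.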

The 67th annual ICANN Summit, a summit dedicated to Internet naming regulations, was to be held in Cancún, Mexico, from 7th to 12th March. Often referred to by the acronym ICANN67, it is finally another acronym COVID19 that designates the now famous coronavirus that forced ICANN to reconsider all the logistics of this major event.

Since 1999,
ICANN has organised three annual meetings devoted to the regulations applicable
to Internet naming and a fourth devoted to more operational aspects, often
referred to as the GDD Summit (Global Domain Division Summit). These meetings
are an opportunity for participants from some 150 countries to discuss live the
hot topics related to the Domain Name System (DNS).

For the
past few weeks, however, world attention has focused on a completely different
subject: the ongoing spread of the coronavirus, which according to the latest
figures available has contaminated some 75,465 people in mainland China and
caused the death of 2,236 people since its emergence in December in Wuhan,
capital of Hubei province. While South Korea also now has more than 150
confirmed cases, the list of countries with confirmed cases keeps growing. More
than 30 countries are now in this situation.

Quite
logically, in recent weeks, behind the scenes of the ICANN organization,
coronavirus has been rising as a major concern for the players in the domain
name industry. More and more potential participants were talking about the fact
that they would prefer not to travel for this event, which is important to
them, while others were asking whether it was appropriate to hold this event in
such a context. Recent cancellations of similar events have indeed echoed their
concerns. Earlier this month, the GSMA, the organizers of the world’s largest
mobile industry exhibition, Mobile World Congress 2020, effectively cancelled
the event after more than 30 exhibitors and sponsors withdrew due to the
outbreak. The Fintech Festival of India (IFF 2020) organised by the government
of Maharashtra, the Ministry of Electronics and Information Technology (MeitY),
the National Payments Corporation of India (NPCI) and the Fintech Convergence
Council also similarly announced this week that it would postpone the event to
a “more appropriate time” due to coronavirus-related issues. The
event was scheduled to take place on 4-5 March 2020.

At the 19 February session of the ICANN Board, which was extended by one hour, ICANN finally decided:

« Resolved
(2020.02.19.01), by virtue of the public health emergency of international
concern posed by COVID-19, the daily evolving developments, and the high global
risk still identified, the Board directs the ICANN President and CEO, or his
designees, to take all necessary actions to not hold ICANN67 as an in-person
meeting in Cancún, Mexico.

Resolved
(2020.02.19.02), as the Board has determined to not proceed to Cancun, Mexico
for ICANN67, the Board directs the ICANN President and CEO to move ICANN67 to
ICANN’s first fully remote public meeting. »

The ICANN Board
communiqué confirms that the summit, which is usually held in person, will for
the first time be entirely managed remotely with means still to be clarified.

If the
holding of such event in a remote mode is unprecedented, it should be noted
that in the past ICANN has already changed the organization of its meetings for
similar reasons. Indeed in June 2016, for example, ICANN decided to move
ICANN56 from Panama City to Helsinki in Finland because of the Zika virus. The
only difference is that their decision could have been anticipated earlier.

This is why ICANN has already taken up the subject for the holding of the following events: the GDD Summit planned in Paris in May and then the ICANN68 planned in Kuala Lumpur in Malaysia in June.

The .TW registry (TWNIC) offers grandfathering registrations for holders of existing ASCII.TW domains that wish to register the same ASCII domain under .台灣 (.xn--kpry57d).

Before the official opening, TWNIC provides
priority registration for registrants who meet the eligibility requirements.

For example, twnic.tw can be registered for
twnic.台灣 in the
grandfathering period.

The following eligibility criteria apply and
are checked by the registry:

The creation date for ASCII.tw should be earlier than the same ASCII name under .台灣 (.xn--kpry57d)

The registrant of ASCII.台灣 (.xn--kpry57d) should be the same as ASCII.tw

ASCII.tw and ASCII.台灣 (.xn--kpry57d) should be managed under the same registrar when creating ASCII.台灣.

Grandfathering Period: from January 7th, 2020 to February 10th, 2020.

The ASCII.tw Domain Name “.台灣(.xn--kpry57d)” will be starting on February 18, 2020.

For more information on the conditions for registration of your .台灣, don’t hesitate to contact us.

*An
internationalized domain name (IDN) is an Internet domain name that contains at
least one language-specific script or alphabet, such as Arabic, Chinese,
Cyrillic, Devanagari, Hebrew. It allows
the use of domain names in the native language of Internet users using special
characters such as Asian, Arab or African users.

Following BREXIT, Eurid (.EU registry) had
recently updated its Domain names Registration Policy, by modifying the
conditions of attribution of a .EU domain name for the British and Gibraltarians,
according to the plan below:

* From 1st November 2019, EURid will NOT allow
the registration of any new domain name where the registrant’s residence or
establishment country code is either GB or GI, unless the citizenship country
code of the registrant corresponds to an EU27 Member State.

* On 24 October 2019, and following explicit
confirmation by the Commission, EURid will notify by email both GB and GI
registrants and their providers about their forthcoming non-compliance with the
.eu regulatory framework.

During this two-month
period, the domain names concerned remained active and could continue to be
used by their holders.

* As of 1 January 2020, all registrants who did
not demonstrate their eligibility will be deemed ineligible and their domain
names will be WITHDRAWN. A WITHDRAWN domain name no longer functions, as the
domain name is removed from the zone file and can no longer support any active
services (such as websites or email).

Twelve months after
the UK withdrawal, i.e. on 1 November 2020,
all the affected domain names will be REVOKED, and will become AVAILABLE for
general registration. Their release will occur in batches from the time they
become available.

* No transfer to GB /
GI registrants will be possible during the two-month period between 1 November and 1 January,
unless they have a citizen country code from an EU27 member state. The transfer
to a non GB / GI registered will remain possible.

Following the UK’s official leave
from the European Union on January 31, the United Kingdom and the EU will enter
into the so-called “transition period” until December 31, 2020.

During this “transition
period”, residents and citizens of the United Kingdom will continue to be
able to own and register .eu domain names. The plan described above will apply
from the end of the transition period and will soon be updated accordingly.

Nameshield will keep you informed as soon as EURid updates the rules.

For its part, the British register (NOMINET)
has no plans currently to restrict .uk domain names – they can be registered
irrespective of nationality or place of residence. All are eligible.

FIC 2020 – Nameshield’s DNS Premium labelled France Cybersecurity once again

Wed, 29 Jan 2020

During the 12th edition of the International Cybersecurity Forum (FIC), the major event in terms of cybersecurity and digital confidence, which currently takes place from January 28 to 30 in Lille, Nameshield was given once again the France Cybersecurity Label for its DNS Premium solution.

Nameshield’s DNS Premium labelled France Cybersecurity

The DNS
is at the heart of companies’ critical services: Internet, email,
applications…

Exposed more and more frequently to attacks,
like DDoS, Man in the Middle… it must remain available.

The Nameshield’s DNS Premium is the
solution which meets DNS protection needs with a redundant, ultra-secure
infrastructure with all the key DNS services (anycast, DDoS protection, DNSSEC,
statistics…).

The DNS Premium solution labelled France
Cybersecurity, thus allows its users to protect their digital assets
from any attack and ensures a high availability of their Internet services.

France Cybersecurity Label, the guarantee of a certain level of quality in terms of cybersecurity

As a reminder, the France Cybersecurity label is the guarantee for users that Nameshield’s products and services are French and possess clear and well-defined functionalities, with a certain level of quality in terms of cybersecurity, verified by an independent jury.

It answers to several needs and objectives:

Raise awareness among users and international ordering parties regarding the importance of the French origin of a Cybersecurity offer and its intrinsic qualities;

Certify to users and ordering parties the quality and functionalities of labelled products and services;

Promote French cybersecurity solutions and increase their international visibility;

Increase their overall use and the users’ security level.

This label is governed by a committee composed
of representatives gathered in 3 colleges:

College
of officials: representatives from the “Direction
Générale de l’Armement” (DGA, the French Government Defense procurement and
technology agency), the “Direction Générale
des Entreprises” (DGE, the French Directorate General for Enterprise within
the Ministry of Economy, Industry and Digital), and the “Agence Nationale de la Sécurité des Systèmes d’Information” (ANSSI,
the French National Cybersecurity Agency).

College
of industrials: representatives from the “Alliance
pour la Confiance Numérique” (ACN – Alliance for digital confidence) and
HEXATRUST.

College
of users: representatives from groups of users, such as: CIGREF, GITSIS, CESIN,
CLUSIF ISSM space.

Nameshield, a 100% French company, certified ISO 27001 on all its registrar activity, was able to bring all the necessary guarantees to obtain the France Cybersecurity Label for its offer, the DNS Premium and illustrates its engagement to always provide the best services and standards regarding cybersecurity.

In June 1970, one year after the Stonewall Riots, which marked the birth of the LGBTQ rights movements, the first Gay Pride parades took place in many US cities to claim liberty and equality and to denounce prejudice, persecution, bigotry and hate.

Fifty years later, with the launch of the new extension .GAY by the registry TOP LEVEL DESIGN, a new digital space is created for the LGBTQ community. This extension is thus intended for individuals, organizations, businesses supporting the LGBTQ community. It will increase their visibility and create a safe online space.

The launch of .GAY will follow the calendar below.

.GAY Launching Calendar

Sunrise
period: from 10/02/2020 to 06/05/2020

EAP
(Early Access Period): from 11/05/2020 to 18/05/2020

General
availability: from 20/05/2020

.GAY donations to LGBTQ nonprofit organizations

Note that for each new domain name registered, the .GAY donates 20% of registration revenue to LGBTQ nonprofit organizations like GLAAD and CenterLink which are currently the inaugural beneficiaries.

A .GAY domain name registration will become a way to express support to the LGBTQ community.

.GAY rights protections policy

.GAY will make it possible to create a safer space online for the LGBTQ community. Indeed, the extension will be subject to a .GAY rights protections policy, which will make it possible to report any content that is harmful to or harasses LGBTQ people, and to act against it by removing the content or suspending the site itself.

“The use
of .gay for anti-LGBTQ content or to malign or harm LGBTQ individuals or groups
is strictly prohibited and can result in immediate server-hold. Prohibited
behavior includes harassment, threats, and hate speech” highlights the
registry.

.GAY domain name registrations will be prohibited to parties that are, or are associated with, recognized hate groups inciting violence against the LGBTQ community.

For more information on the conditions for registration of your .GAY, don’t hesitate to contact a Nameshield consultant.

Why is the sale of .ORG registry a source of debate?

Wed, 15 Jan 2020

In November 2019, a press release announced that .ORG registry, Public Interest Registry (PIR), a non-profit organization managed by Internet Society, is going to be sold off to Ethos Capital, a private equity firm.

.ORG is the extension for non-profit organizations. The acquisition of PIR by Ethos has quickly concerned the organizations using .ORG, on the basis of the potential misuse of the extension by its new owner, which has, by its very nature, profit motives.

The concern? That the registrations and
renewals fees for .ORG domain names increase.

Yet, key figures of the Internet world, like Andrew Sullivan (Internet Society CEO), are excited, seeing in this a strong strategic partnership and a significant financial contribution allowing the Internet Society to advance its mission of a “more open, accessible and secure Internet for everyone”, as he wrote in the press release about the acquisition of November 13, 2019.

It would seem that the fears created find their
origin in the “surprise” and lack of transparency around the deal, since the
transaction amount has not been disclosed.

These fears are, of course, the corollary of the removal on June 30, 2019, of the price caps imposed until now to .ORG fees (historically low) by ICANN, despite many reservations expressed by the community. Finally, the fact that Ethos has directly or indirectly a number of close connections to former ICANN members raises concerns to several voices of the industry.

The fear to see the increase of .ORG prices led Electronic Frontier Foundation (EFF) to launch the SaveDotOrg campaign, which aims to raise awareness about the potential impact of a .ORG price increase on the NGO’s budget constraints.

Another concern is the possibility that Ethos Capital later implements a rights protection principle that could lead to a form of censorship, as currently practiced in some countries wishing to silence NGOs.

Faced with these protests, ICANN suspended the acquisition operation last December and requested clarification from the Internet Society.

More recently, in January 2020, a new candidate for the acquisition of the .ORG extension has appeared. It is a cooperative corporation (Cooperative Corporation of .ORG Registrants), gathering some web pioneers and former members of ICANN.

With over 5 million mobile applications available today on the major apps stores like Google Play and App Store, over 2 000 new applications uploaded every day and almost 2 billion applications downloaded in France in 2018, mobile apps have rapidly grown over the last 10 years to become an essential element of the digital world.

According to a research done by FEVAD, the revenue from mobile commerce is estimated to 22 billion euros in France in 2018, i.e. ¼ of online sales. Thus, mobile applications represent a fast growing market.

Studies have shown that 68% of consumers identified as loyal to a specific brand have downloaded that brand’s app. Conversely, statistics indicate that 40% of users will go to a competitor after a bad mobile experience. Companies have then quickly come to realize that ensuring that their customers have a high quality and secured mobile experience when downloading and using their branded applications is the key to consumer loyalty.

The growth of fake mobile applications

As brands’ mobile applications have grown in popularity with consumers, the number of fake mobile applications being released into the market by malicious actors has also exploded. Fake mobile apps can be dangerous because they are associated with fraud attacks, and have become a growing threat to consumers. Indeed, they have increased by 191% from 2018 to 2019. The McAfee Mobile Threats report indicates that almost 65 000 new fake apps were detected in December 2018.

Despite the precautions taken by most major apps
platforms to mitigate the number of malicious applications uploaded on their
platform, cybercriminals continue to find ways to bypass these security
measures.

A recent example is the fake Samsung app which has tricked 10 million Android users. This app, named “Updates for Samsung”, promises firmware updates, but in reality is not affiliated with Samsung. Once downloaded, the app first and foremost displays ads. To download an update, the user must pay a fee of $34.99. However, a firmware update is completely free of charge, since it is directly accessible from the smartphone’s settings.

What to do against these fake mobile apps?

Given the importance and omnipresence of mobile
applications, it is absolutely essential for companies to incorporate into
their brand protection and security strategies, a mobile application protection
and a monitoring implementation of mobile apps present on the market.

Every second, a malicious application is active and poses a threat to brands and consumers. To face this, Nameshield proposes an online monitoring of mobile apps present on the applications stores, allowing to identify the ones that might be infringing your brands and assists you in the actions to implement.

The general availability of .MADRID, the geographical extension of Madrid, the capital city of Spain is near. Managed by the Comunidad de Madrid registry, this extension was launched last April following the calendar below:

Every year, the end of year holidays often announce an upsurge of mass fraudulent e-mail campaigns. Cybercriminals try to profit from these holiday periods, when vigilance is sometimes lower, to launch phishing e-mails.

What are phishing and slamming?

Phishing is used by cybercriminals to obtain personal information in order to commit identity theft.

In the world of phishing (73% of companies affected in 2018), the slamming is a well-known variant that consists in encouraging domain names owners to renew their annuity with another registrar, by arguing the emergency and criticality of the concerned name’s loss. Concretely, this is an e-mail pushing its recipient to contract an unsolicited service and to proceed to the payment of this latter without delay.

Thus, the slamming can take the form of a fraudulent renewal bill, generally
associated with intimidating terms like “Expiration notice”. Under the pressure
of such e-mail, in general well built, it happens that the recipient then
proceeds to the payment and is debited of an important amount for the so-called
renewal.

In the same way, the slamming e-mail indicates that a “customer” of the sender, posing
as a fake registrar wants to register domain names identical or similar to your
brand. Then the fraudster proposes to register them for you in order to protect
you from these troublesome registrations, of course, in exchange for an urgent
payment.

Another kind of attack, the suspicious e-mail attachment!

Be careful of fraudulent e-mails with infectious attachments: a single entry point is enough to destroy a network!

The aim of a trap and thus malicious attachment
is to pose as a legitimate file (PDF, Word document, JPG image…), while hosting
and hiding a malicious code: this is what we generally call Trojans.

Some simple rules to protect against them

Always stay alert when someone asks you for your personal data;

Never open an attachment from an unknown sender, or from one who is not entirely trustworthy;

Check the links by hovering the cursor over them (without clicking) to ensure that they link to trustworthy websites;

Never reply under the pressure of this kind of solicitation and of course do not proceed to any payment;

If there is any doubt, do not reply to the e-mail and contact the sender through another method; they will confirm whether or not it really is a fraud attempt.

The financial industry, the target of more and more costly attacks on the DNS

Thu, 21 Nov 2019

Financial services companies are particularly affected by cyberattacks. They possess a wealth of information on the customers, protect their money and provide essential services which must be available day and night. They are a lucrative target. Among the favored lines of attacks: the DNS.

The Efficient IP’s Global DNS threat annual
report shows a constant growth of the DNS attacks’ number and the financial
impacts, with an average financial loss of 1.2 million euros in 2019. This
amount was estimated at 513 000€ in 2017 and 806 000€ in 2018.

While all industries are affected by cyberattacks (82% of the companies surveyed have been affected and 63% have suffered a traffic disruption), the financial industry pays a heavier price, with 88% affected. Conducted with 900 people from nine countries in North America, Europe and Asia, the study indicates that financial companies suffered 10 attacks on average during the last 12 months, i.e. an increase of 37% compared to last year.

The increase of the costs is only one of the
DNS attacks’ consequences for the financial services industry. The most common
impacts are the cloud services’ downtime, experienced by 45% of financial
organizations, and internal applications downtime (68%). Furthermore, 47% of
financial companies have been the victims of frauds by phishing attacks aiming
the DNS.

The survey clearly shows the insufficient
security measures implemented for the DNS securing. The delay in applying security
patches is a major problem for the organizations of this industry. In 2018, 72%
of the interviewed companies admitted that a 3 days’ delay was necessary to
implement a security patch in their systems, 3 days during which they are
exposed to attacks.

Only 65% of the financial institutions use or
plan to integrate a trusted DNS architecture, they seem to be always late and not
to be sufficiently aware of the risks associated to this central point of their
infrastructure. The evolution of the threats on the DNS is constant, the attacks
are many and complex. It is essential to quickly react to better protect
yourself.

Industry, trade, media, telecom, health, education, government, service… many other sectors are affected by the attacks. Some solutions exist. ANSSI publishes every year a guide of good practices regarding DNS resilience, which details many recommendations for protection: relying on an Anycast network; having a protection system against DDoS attacks; monitoring DNS traffic with a team able to take action quickly; having an efficient security policy… These are all measures essential to the resilience and efficiency of the DNS network against attacks that are damaging in terms of financial and image impact.

Hoping to see at last better figures in the
2020 report.

ICANN66 at Montreal – A contrasting summit

Wed, 20 Nov 2019

During the first half of November, the 66th ICANN Summit was held in Montreal, Canada. This third and final annual summit devoted to policies applicable to Internet naming was eagerly awaited as the topics under discussion are numerous. At its closing, however, it left many participants a little bit disappointed.

A preview of the topics and postures during the weekend before the official launch of the Summit

The weekend
before the official opening of the Summit is usually an opportunity to get an
overview of the topics and postures involved. Not surprisingly, the expedited
Policy Development Process (ePDP) which aims to develop a consensus rule to
specify future conditions of access to personal data that are no longer
published in the WHOIS, the domain name search directory, due to GDPR, is one
of the major topics.

Among other related topics is the replacement of WHOIS by RDAP (Registration Data Access Protocol), probably next year for generic domain names. This replacement is not insignificant when we know that WHOIS has been in use for nearly 35 years.

The body representing governments, the GAC, has weighed in on the issue of domain name abuse, which has taken off considerably on the new generic extensions launched in 2012. Given the rise of Internet practices aimed at influencing elections in certain countries and the economic impact of computer attacks and hacking, it is understandable that this subject is being pushed by the GAC. One of ICANN’s topics is to clarify in its texts the notion of malicious uses (the term refers to domains registered for phishing, malware, botnets and spam); the other concerns the means to stem them. The existence of abusive domains indeed threatens the DNS infrastructure, impacts consumer safety and threatens the critical assets of public and commercial entities. Finally, and not surprisingly, the subject of a future round of new generic extensions has also been on many lips.

Cherine Chalaby at the ICANN Summit held in Montreal

“The best ICANN summit”, really?

During the traditional opening ceremony, which brings together all the guests for one hour (2500 according to Goran Marby, ICANN CEO) in a huge room to listen to various speakers, including Martin Aubé of the Quebec Government’s Ministry of Economy and Innovation, Cherine Chalaby, one of the ICANN Board members whose term ends at the end of the year, told his audience that ICANN66 would be the “Best ICANN summit”. It must be said, however, that at the end of the week of debates and meetings, which followed one another at a sustained pace, while the subjects under discussion are really numerous, the feeling regarding this assertion was more than mixed for many participants.

First, the expedited process for access to non-public WHOIS data is progressing within a framework constrained by ICANN and the personal data protection authorities. The outcome of this process is expected between April and June 2020, and what is currently envisaged is a centralized model in which ICANN would allow the future lifting of anonymity of data that are now masked due to GDPR, which holds the line.

Then, the subject that was probably most often mentioned during this new summit week concerned abuses with domain names. For ICANN, the subject is central because it is directly correlated to its totem: the stability of the Internet, for which it is responsible. Since February 2019, ICANN has been publishing some metrics on malicious practices identified through DAAR, its Domain Abuse Activity Reporting.

Its latest report presented in Montreal shows that 364 extensions (mainly new generic extensions from the 2012 round) revealed at least one threat posed by one of the domain names activated on these extensions. More worryingly, new generic extensions would still account for nearly 40% of malicious uses, compared to 60% for historical generic extensions. This figure should be set against the volume of these two categories of extensions. Indeed, out of just over 200 million generic names, new generic domains represent only 15% of the total number of registered names. ICANN therefore wants this subject to be taken up by the entire community present in Montreal.

Proposals were made by the various bodies present, some of which went so far as to request a policy development process (PDP). This last proposal, if it were to obtain ICANN’s approval, would have the unfortunate consequence of postponing the hypothetical schedule for a next round of new extensions, a subject that interested many of the guests present in Montreal. Indeed, for ICANN, the problem of the concentration of malicious practices in the new generic extensions must be solved before any future round, so much so that the PDP still in progress on the review of the last round of 2012 has gone almost unnoticed.

If the rules are slow to evolve on malicious uses, your Nameshield consultant can already provide you with adapted solutions to your needs on this key matter.

Nameshield signs up the Paris Call in order to actively contribute to the Internet’s stability

https://blog.nameshield.com/blog/2019/11/12/nameshield-signs-up-the-paris-call-in-order-to-actively-contribute-to-the-internet-stability/

Tue, 12 Nov 2019 19:56:00 +0000

Just one year ago, in the context of the first Paris Peace Forum, the French President, Emmanuel Macron, launched the Paris Call for trust and security in cyberspace. This call is a political declaration that aims to mobilize support for stability in cyberspace and strengthens the efforts of the international community and of the many actors involved in digital security issues. The text recalls some principles that we think are fundamental, like the application of international law and human rights in cyberspace. It also highlights the need for a multi-actor approach to create standards which will allow us to fully benefit, i.e. in a reliable and secure way, from the opportunities provided by the digital revolution.

Lastly, the Paris Call promotes strengthening the security of the digital products and services that we use, for example, in our daily lives. In that sense, the text aims to prevent cyberattacks perpetrated by malicious actors, which threaten all the users of cyberspace.

Aware that our Society’s development, on the economic, cultural and democratic fronts, requires strengthened trust in the information that flows through the Internet, Nameshield, which has worked for 25 years to protect the digital identity of its clients (companies, local authorities and administrations) through the use of their domain names, wished to join this initiative and sign the Paris Call.

Its job consists in ensuring the integrity and resilience of the identity of individuals and organizations on the Internet, represented today by the domain name. By highly protecting data on domain name identity cards (Whois) and by providing a high availability and high performance service through the associated Domain Name System (DNS), Nameshield contributes to a large extent to the second principle of the Paris Call, Protecting the Internet: to prevent activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet.

Cornerstone of the Web, the Domain Name System (DNS) serves as the Internet directory. This protocol translates a domain name into an IP address, based on a database distributed on thousands of machines. If the DNS falls because of data corruption or a denial of service attack, all your websites and emails would become inaccessible, which is completely unthinkable nowadays! The DNS must be protected and must stay highly available.

The DNS is a protocol created in the 1980s, and security flaws in its usual functioning have been identified since its creation. That is why a new secured protocol, DNSSEC, has been developed to ensure the authenticity of the exchanges through a certified signature. Other solutions can complete the resilience of your identity on the Internet: the registry lock, SSL certificates…

The security solutions proposed by Nameshield, an independent French company that stores its data in France and possesses its own anycast and resilient DNS infrastructure, certified ISO 27001 on all its domain names activity, are compliant with the ANSSI recommendations on the good practices regarding the domain names’ acquisition and exploitation.

In the context of the 2nd Paris Peace Forum, the Ministry of Foreign Affairs wished to illustrate the second principle of the Paris Call: Protect the Internet by highlighting the services proposed by Nameshield. The company is proud to be able to collaborate, at its level, with the actors implicated in digital security issues in order to make the Internet more reliable and thus contribute to the security of the cyberspace.

Advices on how to change the domain name without losing its referencing

https://blog.nameshield.com/blog/2019/11/08/advices-on-how-to-change-the-domain-name-without-losing-its-referencing/

Fri, 08 Nov 2019 18:27:00 +0000

During a rebranding for marketing purposes, in the context of a merger or an acquisition for example, a company can change its website’s domain name.

For the search engines, every page changes, as if this were a brand new website. So how do you avoid losing the SEO work already done and make a successful transition, in particular if the website is old?

In the case of a rather old website with optimal referencing on the existing domain name, transferring the website to a new name can ruin the time-consuming work that is SEO. While a decrease in traffic from organic search is normal (and temporary), some advice can help lessen the downturn, at least during the transition period.

Copy identically your website and implement 301 redirections

The first tip is to completely keep the
website’s architecture, so that only the domain name changes in the URL.

Then, permanent redirections (301 redirections) must be created from each page of the former website towards the corresponding page of the new website. Do not implement multiple redirections.

This process must be closely monitored to
ensure that each 301 redirection is effective. The search engines will know
that it’s not necessary to index the former name anymore but it’s the new one
that must be indexed now. To ensure this, it is necessary to check that none of
the former pages is accessible through the former domain name.
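As an added example (not part of the original article), the monitoring step above can be run offline against captured responses: each former page must answer with a single 301 to the same path on the new domain, and no former page may still be served. The domains old.example and new.example, the paths and the captured responses are all constructed assumptions.

```python
"""Offline audit of a 301 redirect plan for a domain migration.

All hosts, paths and responses below are constructed for illustration.
"""
from urllib.parse import urlsplit

OLD_HOST = "old.example"   # hypothetical former domain
NEW_HOST = "new.example"   # hypothetical new domain
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed capture: URL -> (HTTP status, Location header or None),
# as one would record with a crawler that does not follow redirects.
CAPTURED = {
    "https://old.example/": (301, "https://new.example/"),
    "https://old.example/products?id=7": (301, "https://new.example/products?id=7"),
    "https://old.example/about": (302, "https://new.example/about"),
    "https://old.example/blog/post-1": (301, "https://new.example/"),
    "https://old.example/contact": (301, "https://new.example/contact"),
    "https://old.example/legal": (200, None),
    "https://old.example/press": (301, "https://old.example/news"),
    "https://old.example/news": (301, "https://new.example/news"),
    "https://new.example/": (200, None),
    "https://new.example/products?id=7": (200, None),
    "https://new.example/about": (200, None),
    "https://new.example/contact": (301, "https://new.example/contact-us"),
    "https://new.example/contact-us": (200, None),
    "https://new.example/news": (200, None),
}

# The pages of the former website that the migration plan must cover.
OLD_PAGES = [
    "https://old.example/",
    "https://old.example/products?id=7",
    "https://old.example/about",
    "https://old.example/blog/post-1",
    "https://old.example/contact",
    "https://old.example/legal",
    "https://old.example/press",
]


def audit_page(old_url, responses):
    """Return the list of problems found for one page of the former site."""
    status, location = responses.get(old_url, (None, None))
    if status is None:
        return ["no-response-captured"]
    if status == 200:
        # The former page is still reachable through the former domain name.
        return ["old-page-still-served"]
    if status != 301:
        return [f"not-permanent-redirect:{status}"]
    if not location:
        return ["missing-location"]

    problems = []
    src, dst = urlsplit(old_url), urlsplit(location)
    if dst.hostname != NEW_HOST:
        problems.append("target-not-on-new-domain")
    # Only the domain name may change: path and query string must match.
    if (dst.path or "/", dst.query) != (src.path or "/", src.query):
        problems.append("architecture-not-preserved")

    # The target must answer directly; a second hop is a multiple redirection.
    next_status, _ = responses.get(location, (None, None))
    if next_status is None:
        problems.append("target-not-captured")
    elif next_status in REDIRECT_CODES:
        problems.append("redirect-chain")
    elif next_status != 200:
        problems.append(f"target-status:{next_status}")
    return problems


def audit_migration(old_pages, responses):
    """Map each failing former URL to its problems; compliant pages are omitted."""
    report = {}
    for url in old_pages:
        problems = audit_page(url, responses)
        if problems:
            report[url] = problems
    return report


if __name__ == "__main__":
    for url, problems in audit_migration(OLD_PAGES, CAPTURED).items():
        print(f"{url}: {', '.join(problems)}")
```
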

Have the backlinks updated

Google’s algorithm uses parameters linked to confidence indicators, and thus to websites that the search engine deems trusted (indicators like the age of the website, the transparency of the legal notices, the ratio of the number of links to the number of words per page, the number of links pointing from other websites to this one, extensions like .edu and .gov, institutional websites, media websites, etc.). Hence, it can be worthwhile to quickly obtain links from this kind of trusted website at the time of the migration.

Along the same lines, it is an advantage to review your backlinks and ask the websites that refer to your website to update these links so that they point to the new name. Of course, if you have many backlinks, concentrate on the ones that matter most for referencing.

Inform Google

Lastly, it’s possible to inform Google directly of the change through Google Search Console; the search engine will then update its index.

Register the sitemap

By submitting a sitemap file for the new website to the search engines, you will gain time in referencing by immediately giving to the engines the pages to index.

Keep the same holder for the new domain name

Make sure that the new domain name has the same
proprietary information on its whois as the former domain name. Google may
check these data.

Be patient

Do note that on Bing you will need an average of 2 months to get your referencing back, and about 6 to 7 months on Google.

All domains on .NEW must resolve to action generation or online creation flows. Once resolved, the web user should be able to ‘create’ something without any further navigation. For example, docs.new leads to a dedicated page offering direct use of Google’s online word-processing software, opening on a new document creation page.

Any .NEW domain will need to be live within 100 days of registration.

If these conditions are not respected, the registry will consider the registration as non-compliant with the registration policy. In this case, the name will be placed on hold. The registrant will then be notified to correct the situation and apply these conditions; if no action is taken, the domain will be blocked then deleted.

Launch calendar

Sunrise period: from October 15, 2019 to January 14, 2020

LRP (Limited Registration Period): from January 14 to July 14, 2020

General availability: from July 21, 2020

For more information on the conditions for registration of your .NEW, don’t hesitate to contact us.

Last October 15, Kaspersky, the antivirus software company, published an edifying report about the volume of cyberattacks directly aimed at connected objects.

Although the industry expected that this new generation of objects would be directly targeted by cyberattacks, the increase in the number of cyberattacks is alarming and makes it easy to imagine the security flaws that connected objects present.

According to the estimation presented by Kaspersky, between the beginning of 2018 and mid-2019, the attacks would have reached the record of 105 million, i.e. nine times more than the previous year as a whole.

In order to conduct this research, Kaspersky used the trap technique by deploying more than 50 honeypots across the world. A honeypot is a program that imitates the signature of connected objects and is specifically created to attract cybercriminals. It was then possible to detect attacks from hackers that fell into the trap set for them. According to Kaspersky, during this experiment, more than 20 000 sessions would have been infected every 15 minutes. 105 million attacks from 276 000 unique IP addresses were then detected (compared to 12 million in 2018).

Furthermore, the report indicates that both in
2018 and 2019, China and Brazil are vying for the top position of the countries
that served as the origin of the attacks launched.

The main malware that uses the security flaws of connected objects is well known (Mirai for example) and identified.

While we are aware that IoT is a privileged playground for hackers, the first security measures are far from being systematically applied. It is essential, for example, to change the default password on every connected device you purchase.

As a reminder, although cybercrime technologies are indeed more and more sophisticated, the first gateway for hackers remains the users’ lack of vigilance.

As of October 19, 2019, internationally-based EU citizens can now register .EU or .ею domain names.

The .EU is the country code top level domain for the European Union. More than 3.6 million registrations spread out across Europe make this TLD a popular extension. Initially, this extension was reserved only for companies and individuals residing within EU and EEA member states. However, in order to meet the needs of an ever-changing digital environment, EURid, the .EU registry, is changing these eligibility criteria to extend them to all EU citizens living around the world.

“We are
excited to be able to extend the registration criteria to EU citizens around the
world. The .eu domain is now closer to your ambitions, achievements and dreams.
It is the bridge connecting you to your friends and family – even if you live
outside the EU. It will always show your roots, your outlook, and your cultural
values.” – Marc van Wesemael, EURid’s CEO.

For more information on the conditions for registration of your .EU, don’t hesitate to contact us.

Argentina now offers the possibility to register .AR domain names. Until now, it was only possible to register third level domain names particularly in .COM.AR.

Here are the launching periods planned:

Sunrise period – From 11/09/2019 to 09/11/2019

Priority to holders of domain names registered in the zones .com.ar, .net.ar, .org.ar, .int.ar, .tur.ar, before December 1st, 2015 and in effect on August 27, 2019.

At the end of this period, if only one request is received, the user who made the request can register the domain name by paying the corresponding tax. If several requests are received by the registry for the same name, the holder of the name will be decided by drawing lots.

Intermediary period – From 27/11/2019 to 27/01/2020

During this period, all the community can request the registration of domain names available in .AR.

The reserved and restricted domain names are excluded and some domain names will likely be subject to approval.

Reserved domains: domain names identical to names registered in ‘.gob.ar’ and ‘.mil.ar’ are exclusively reserved to these names’ holders. To note: Even a domain name reserved in one of the .AR zones can be classified as reserved by the Argentinian registry.

Restricted domains: Even a domain name reserved in one of the .AR zones can be classified as reserved by the Argentinian registry, making these names unavailable for registration.

Terms which are subject to approval: normal words or expressions which, if they are part of a domain name, must be approved by the Argentinian registry. They include names that are aggravating, discriminatory or contrary to the law, to morality or to good customs, or that could cause confusion, deception or identity theft.

General availability: 23/02/2020

Starting 23/02/2020, domain names available can be registered in .AR by any user, depending on the conditions set by the rules of the Argentinian registry.

For reminder, the registration conditions of the .AR include the providing of supporting documents.

If your current domain names portfolio doesn’t
have COM.AR, NET.AR, etc. and you wish to register a .AR at the time of the
general availability, we advise you to anticipate and to contact your
consultant to know the detail of the documents to provide.

The domain name is an integral intangible asset

https://blog.nameshield.com/blog/2019/09/16/the-domain-name-is-an-integral-intangible-asset/

Mon, 16 Sep 2019 17:59:00 +0000

An essential key element of any dematerialized data flow exchange, the domain name has become a strategic intangible asset of great value. According to academic works, there is a real correlation between the quality of intangible assets and companies’ economic performance. Identifying and valuing domain names becomes necessary for the financial director. Explanations in La revue de la Société Française des Analystes Financiers – SFAF (the journal of the French Society of Financial Analysts) from Jean-Manuel Gaget, Strategy and Consulting director of Nameshield and administrator of the Institut de Comptabilité de l’Immatériel (Intangible Accounting Institute).

In the 90’s, the domain name was an accessory
element of the brand. During its world expansion, it became the principal
element of the brand, in particular in the e-commerce’s world. You only need to
look at how Amazon or Easyjet have developed their logo to consider it as a
unique communication medium.

The domain name has this unique particularity to be an intangible asset with four dimensions. It is simultaneously:

An IT object allowing access to services on the Internet by being the link between the IP address (a series of numbers) of a physical object [computer, server, smartphone…] and a literal name (role of the Domain Name Server or DNS);

A communication tool allowing to establish its identity on the Internet and gain a digital territory;

A legal element through a temporary contract with an Internet Registry;

A financial asset, accountable as an intangible asset under certain conditions.

The domain name is now an essential key element of any dematerialized data flow exchange: be it for sending email or for access to websites, social networks and connected objects, any data exchange on the Internet relies on the use of a domain name, and any service disruption has important consequences on organizations’ activity.

Why and how to rate your domain name capital?

Today, the academic works, in particular carried by the French referential of the intangible capital’s measure “Thesaurus Capital Immatériel” (Thesaurus Intangible Capital) show a real correlation between the intangible assets’ quality and the companies’ economic performance. The higher the quality of the intangible assets is (human capital, information system capital, customer capital…), the stronger, more sustainable and economically efficient in the medium and long term the company’s fundamentals are. Hence the importance to measure the intangible capital and its evolution over time.

However, as much as literature is rich
regarding methods of brands valuation, it is near non-existent regarding domain
names. That is why in 2019, the Intangible Accounting Institute wished to enrich
the Thesaurus Intangible Capital with a specific section on the rating of the
domain name capital. In the same way that clients, Human, IT, knowledge… assets
are evaluated, we searched to evaluate the domain name capital in association
with the brand capital. Because brands and domain names are now inseparable!

Accounting principles applicable to domain names

In a decision of the French Council of State of
December 7th, 2016 (ebay.fr case), it is reminded that if the use of a domain
name:

Represents a constant source of profits;

Has a sufficient sustainability (particularly if it can be regularly renewed);

Is likely to be transferred;

Then it is an intangible asset of the company and must follow the associated accounting and tax rules. As such, the domain names have to be accounted either at their creation cost, at their acquisition value, or at their current value (market value) for the ones acquired free of charge. The domain names are then not to be considered as a simple IT workload, but as real assets that should be managed at fair value. As such, further attention on tax issues related to domain names’ value must be given within the context of the transfer prices.

The market approach aims to measure the semantic value of a domain name by reference to past monetary transactions. To that end, we have developed a database of more than 1.4 million past transactions. This approach makes it possible to give a price value based on comparables.

Aim: to measure the digital performance of the organizations

These three approaches to domain name valuation, by historical costs, by the market and by the loss, combined with the domain name capital rating, are tools that should be at the disposal of financial directors so they can better measure the digital performance of their organizations.

Satori Botnet: The hacker facing up to 10 years imprisonment did not act alone

https://blog.nameshield.com/blog/2019/09/05/satori-botnet-the-hacker-facing-up-to-10-years-imprisonment-did-not-act-alone/

Thu, 05 Sep 2019 16:53:48 +0000

We now know more about the cyberpirate, Nexus Zeta, whose real name is Kenneth Currin Schuchman, who distinguished himself with the creation of the Satori botnet.

Pleading guilty to the charges regarding Satori botnet creation, his confessions describe the implementation of this attack using IoT flaws.

For reminder, a botnet is a set of infected computers remotely controlled by a
cybercriminal. The machines that belong to a botnet are often called “bots” or
“zombies”. The aim: to spread a malware or a virus to the greatest number of
machines possible.

The hacker Nexus Zeta did not act alone but worked
together with two other cybercriminals: Vamp who served as the primary developer/coder
of Satori and Drake who managed the botnet sales.

The Satori botnet was created based on the public code of the Mirai IoT malware.

As a reminder, in 2016, Mirai was the source of one of the biggest DDoS attacks ever seen, targeting in particular the American provider DYN. It works by permanently searching the Internet for IP addresses corresponding to connected objects (IoT). Once vulnerable connected objects are identified, Mirai connects to them to install the malware.

Although the Satori botnet mainly attacked devices running with factory-set or easy-to-guess passwords, it infected over 100 000 devices in its first month of deployment.

Between 2017 and 2018, the three hackers continued to develop Satori, which they renamed Okiru and Masuta. The botnet went as far as to infect over 700 000 devices.

Officially accused by the American authorities, Kenneth Currin Schuchman was free until his trial. However, he broke the pre-trial release conditions by accessing the Internet and developing a new botnet. In October 2018, he was this time arrested and jailed. Having pleaded guilty, he is facing up to ten years in prison and a fine of 250 000 dollars.

On October 29, 1969, UCLA sent the very first e-message to Stanford Research Institute through the Arpanet network (Advanced Research Projects Agency Network), laying the foundation for today’s networked world.

Arpanet, the Internet’s precursor

Arpanet is the first data transfer network
developed by the Advanced Research Projects Agency (ARPA) which belonged to the
U.S. Defense Department.

The first Arpanet node was set up at UCLA on August 30, 1969; the second node, at the Stanford Research Institute, was set up on October 1st, 1969. The first message was sent between the two institutions on October 29, 1969 by the UCLA computer science professor Leonard Kleinrock, who wished to send the word “login”, but the system crashed, so only two letters, “l” and “o”, were transmitted. The complete word was only transmitted 1 hour later.

Arpanet connected some universities and research institutes: first, UCLA and Stanford Research Institute, followed by UC Santa Barbara and the University of Utah. At the end of 1969, Arpanet counted 4 nodes, in 1971, 23 nodes were created and 111 nodes in 1977.

In 1983, Arpanet was divided into two networks: one military, the MILnet (Military Network), and the other academic, the NSFnet.

On January 1st, 1983, the name “Internet”, already in use to define all of Arpanet, became official.

World Wide Web turns 30 years old

In 1989, Tim Berners-Lee, a researcher working
for the CERN, proposed a hypertext system working on the Internet. This system
was originally developed for scientists working in universities and institutes
around the world, so they could instantly share information. His vision of
universal connectivity became the World Wide Web, which sent Internet usage
skyrocketing.

In 1993, Mosaic, the first popular web browser
was created by Marc Andreessen and Eric J.Bina, two students of the National
Center for Supercomputing Applications (NCSA) of the University of Illinois. It
was not the first graphical web browser but Mosaic was particularly fast and
allowed the users to display images inside web pages instead of displaying
images in a separate window, which has given it some popularity and contributed
to increase the World Wide Web’s popularity.

Internet Protocol – From IPv4 to IPv6

The Internet Protocol (IP) is a set of
communication protocols of IT networks developed to be used on the Internet. IP
protocols allow a unique addressing service for all connected devices.

IPv4 the first major version was invented in
the 70’s and introduced to the public in 1981. It is still the dominant
protocol of the Internet today. Twenty years ago, the IETF (Internet
Engineering Task Force) started predicting the depletion of IPv4 addresses and
began working to create a new version of the Internet Protocol: IPv6.

DNS – Domain Name System

At the request of the Advanced Research Projects Agency of the U.S. Defense Department, the DNS (Domain Name System) was invented in 1983 by Jon Postel and Paul Mockapetris, in order to associate complex IP addresses with humanly understandable and easy-to-remember names. Thus a logical address, the domain name, is associated to a physical address, the IP address. The domain name and IP address are unique.

In 1998, ICANN (Internet Corporation for Assigned Names and Numbers), the regulatory authority of the Internet, was created. Its main purpose is to allocate the Internet protocol addresses spaces, to attribute the protocol identifier (IP), to manage the domain name system of top level for generic codes (gTLD), to assign the country codes (ccTLD), and to carry out the functions of the root servers’ system management.

With 351.8 million domain name registrations in the first quarter of 2019, domain name registrations continue to climb, but the number of threats targeting the DNS is increasing at the same time.

The emergence of cyber threats

Considered one of the first cyberattacks and certainly the first to attract the media’s attention, the Morris Worm was launched in 1988 by a student of Cornell University, Robert Tappan Morris. Originally, the malware developed by the student was not intended to cause damage but simply to estimate the extent of the Internet. However, this worm affected about 60 000 computers estimated to be connected to the Internet, and the cost of the damage was about 100 000 to 10 million dollars. This event marked a turning point in the field of online security.

Today, cyberattacks are abundant, frequent and
more and more sophisticated. The evolution of techniques and the arrival of new
technologies make cyberattacks increasingly complex and offer new opportunities
to attackers.

There are various types of cyberattacks: attacks targeting the DNS, such as DDoS, DNS cache poisoning, DNS spoofing, Man in the Middle… (in 2019, according to IDC – International Data Corporation, 82% of companies worldwide have faced a DNS attack over the past year), and attacks directly targeting users with the purpose of obtaining confidential information to steal an identity (phishing).

The consequences for victimized companies can be significant. For example, today the cost of a data breach is 3.92 million dollars on average according to IBM Security, this cost has risen 12% over the past five years.

An IP traffic estimated in 2022 more important than the one generated from 1984 to 2016

With more than 5 billion Google searches made
every day, e-commerce continuing to thrive, social media growing in popularity
and the increasing number of connected objects, the traffic volume on the
Internet has risen considerably.

Indeed, in 1974, daily traffic on the Internet surpassed 3 million packets per day. According to Cisco research in 2017, global IP traffic reached 122 exabytes per month; the company estimates that this volume should reach 396 exabytes by 2022.

“The size and complexity of the Internet continues to grow in ways that many could not have imagined. Since we first started the VNI Forecast in 2005, traffic has increased 56-fold, amassing a 36% CAGR (Compound Annual Growth Rate) with more people, devices and applications accessing IP networks” said Jonathan Davidson, senior vice president and general manager of Service Provider Business at Cisco.

Today, 50 years after the birth of the Internet’s ancestor, Arpanet, there are more Internet-connected devices than people in the world. In 2022, web users will represent 60% of the world’s population and more than 28 billion devices will connect to the Internet.

Soon a maximum duration of one year for SSL certificates?

Mon, 26 Aug 2019 17:06:00 +0000

What is happening?

The industry actors plan to reduce the lifetime of SSL/TLS certificates, allowing the HTTPS display in browsers, to 13 months, i.e. almost half of the present lifetime of 27 months, in order to improve security.

Google through the CA/Browser Forum has indeed
proposed this modification, approved by Apple and a Certification Authority, making
it eligible to vote. During the next CA/B Forum meetings, if the vote is
accepted, the modification of the requirements will come into effect in March 2020. Any certificate issued
after the entry into force date will have to respect the requirements of the
shortened validity period.

The aim of this reduction is to complicate things for cyber attackers by reducing the period during which potentially stolen certificates can be used. It could also force companies to use the most recent and most secure encryption algorithms available.

If the vote fails, it cannot be ruled out that the browsers supporting this requirement will implement it unilaterally in their root programs, thus forcing the change on the Certification Authorities. This is likely: the change follows Google’s previous initiative, which aimed to reduce the lifespan from three years to two years in 2018, a period during which Google already wished to reduce it to 13 months or even less.

Who is impacted?

The changes proposed by Google would have an impact on all users of publicly trusted TLS certificates, regardless of the Certification Authority that issued the certificate. If the vote passes, all certificates issued or reissued after March 2020 will have a maximum validity of 13 months. Companies using certificates with a validity period longer than 13 months will be encouraged to reconsider their systems and evaluate the impact of the proposed modifications on their implementation and their use.

TLS certificates issued before March 2020 with a validity period longer than 13 months will stay operational. Public non-TLS certificates (code signing, private TLS, client certificates, etc.) are not concerned. It will not be necessary to revoke an existing certificate following the implementation of the new standard. The reduction will have to be applied at renewal.
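The rule described above can be turned into a portfolio check. The following Python audit is an added example, not part of the original article: it sorts certificates into those within the 13-month limit, those issued earlier that stay valid until renewal, and those that would exceed the limit. The host names and dates are constructed, and the exact cutoff day (1 March 2020) is an assumption, since the article only says "March 2020".

```python
import calendar
import ssl
from datetime import datetime, timezone

MAX_MONTHS = 13  # maximum validity stated in the article
# Assumption: the article only says "March 2020"; the 1st is used as cutoff.
EFFECTIVE_DATE = datetime(2020, 3, 1, tzinfo=timezone.utc)

# Constructed sample inventory (hypothetical hosts). Dates use the
# "notBefore"/"notAfter" string format returned by ssl's getpeercert().
INVENTORY = [
    {"host": "shop.example",
     "notBefore": "Jun  1 00:00:00 2018 GMT",
     "notAfter": "Aug 31 23:59:59 2020 GMT"},   # 27 months, issued before cutoff
    {"host": "api.example",
     "notBefore": "Apr 15 00:00:00 2020 GMT",
     "notAfter": "Apr 15 00:00:00 2022 GMT"},   # 24 months, issued after cutoff
    {"host": "www.example",
     "notBefore": "Apr 15 00:00:00 2020 GMT",
     "notAfter": "May 15 00:00:00 2021 GMT"},   # exactly 13 months
    {"host": "intranet.example",
     "notBefore": "Jan 10 00:00:00 2019 GMT",
     "notAfter": "Jan 10 00:00:00 2020 GMT"},   # 12 months
]


def parse_cert_time(value):
    """Convert a getpeercert()-style date string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def add_months(moment, months):
    """Shift a datetime by whole calendar months, clamping to the month end."""
    index = moment.year * 12 + (moment.month - 1) + months
    year, month_zero_based = divmod(index, 12)
    month = month_zero_based + 1
    last_day = calendar.monthrange(year, month)[1]
    return moment.replace(year=year, month=month, day=min(moment.day, last_day))


def classify(cert):
    """Return 'within-limit', 'grandfathered' or 'over-limit' for one record."""
    not_before = parse_cert_time(cert["notBefore"])
    not_after = parse_cert_time(cert["notAfter"])
    if not_after <= add_months(not_before, MAX_MONTHS):
        return "within-limit"
    if not_before < EFFECTIVE_DATE:
        # Issued before the change: stays operational, no revocation needed,
        # but the shorter lifetime applies when it is renewed.
        return "grandfathered"
    return "over-limit"


def audit(inventory):
    """Map each host to its classification."""
    return {cert["host"]: classify(cert) for cert in inventory}


def latest_expiry_after_renewal(renewal_date):
    """Latest notAfter a certificate renewed on renewal_date could carry."""
    return add_months(renewal_date, MAX_MONTHS)


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:20} {status}")
```
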

What do the market players think about this?

It would be a global change for the industry with
impacts on all the Certification Authorities. They view this proposition in a negative light. We
can see an economic interest above all, but not solely…

The main argument is that the market is not ready in terms of automation of certificate ordering and deployment. Indeed, there would be more human interventions, with the risks associated with poor handling, or simply a higher risk of forgetting a certificate renewal.

For Certification Authorities, reducing the
certificates’ lifespan to such a short term mainly presents an increase of the
human costs related to the certificate portfolio management. If they are not
fundamentally against this decision, they would particularly like more time to
study what users and companies think.

The position of browser makers

Be it Google or Mozilla, the spearheads of the massive adoption of native HTTPS for all websites and supporters of the Let’s Encrypt initiative, what matters is the encryption of all web traffic. A reduction of certificate lifespan reduces the risk of certificate theft over a long period and encourages the massive adoption of automated management systems. For these two actors, an ideal world would have certificates valid for a maximum of 3 months. While they are attentive to the market so as not to impose their views too quickly, it is more than likely that in the long term certificate lifespan will continue to decrease.

Nameshield’s opinion

The market continues its evolution towards shorter and shorter certificate validity, along with a continual decrease of authentication levels, and consequently an increasing need for automated management solutions. We will align with these requirements and advise our customers to prepare themselves for this reduction which will, without a doubt, arrive. Our Certification Authority partners will also follow this evolution and will provide all the required permanent inventory and automation systems.

To be heard

The CA/Browser Forum accepts comments of external participants and all discussions are public. You can directly enter your comments to the Forum distribution list: https://cabforum.org/working-groups/ (at the bottom of the page). Nameshield is in contact with CA/Browser Forum participants and will inform you of the future decisions.

The domain name has the unique particularity of being an intangible asset with four dimensions.

It is simultaneously:

An IT object giving access to services on the Internet by linking the IP address (a series of numbers) of a physical object [computer, server, smartphone…] to a literal name (the role of the Domain Name System, or DNS);

A communication tool used to establish an identity on the Internet and gain a digital territory;

A legal element through a temporary contract with an Internet Registry;

A financial asset, accountable as an intangible asset under certain conditions.

Today an essential element of any dematerialized data flow exchange, the domain name has become over time a strategic intangible asset of great value given the associated services (email, website access).

Accounting principles applicable to domain names

The domain name is not to be considered as a simple technical tool, but as an intangible asset to be recorded in the balance sheet of companies and collectivities, if it generates a lasting source of profit. In a decision of the French Council of State of December 7th, 2016 (ebay.fr case), the wise persons of the Palais-Royal thus recall that if the use of a domain name:

Represents a constant source of profits;

Has sufficient sustainability (particularly if it can be regularly renewed);

Is likely to be transferred;

Then it is an intangible asset of the company and must follow the associated accounting and tax rules. As such, domain names have to be accounted for either at their creation cost, at their acquisition value, or at their current value (market value) for those acquired free of charge.

The market approach aims to measure the semantic value of a domain name by reference to past monetary transactions. To that end, Nameshield has developed a database of more than 1.4 million past transactions (domain name, price, year). This approach gives a price by comparison with comparable sales.

The strength of a domain names’ valuation method, scientific and practical

Supported by its regular work in the acquisition and/or sale of domain names for its clients’ companies and collectivities, Nameshield is able to propose an approach of monetary valuation of a domain name or a domain names’ portfolio, as part of the best current scientific practice.

Until now, Australian domain names were only available
for registrations in second level extensions, in particular .COM.AU.

If the decision to open the .AU registration goes back to 2015, it took four years to set the rules!

It seems that starting October 1st, 2019, the holder of the existing .com.au domain name, for example forexample.com.au, will be able to apply for priority status to register the exact match of their existing name in .AU, forexample.au.

The General Data Protection Regulation (GDPR)
has without a doubt a negative impact on the enforcement efforts, according to
the participants at the INTA 2019 annual meeting (International Trademark
Association) in Boston.

Margaret Lia Milam, domain name strategy and
management lead at Facebook warned that the platform’s scale makes it a “huge
target for bad actors”.

Milam stated that because the site is working
at such a scale, it cannot turn to lawyers for the “thousands” of requests it
receives.

Statton Hammock of MarkMonitor said that
MarkMonitor had suffered a loss of efficiency of 12% due to the GDPR. His team
has “historically used WHOIS to protect IP rights” but because of the GDPR, all
the data they have cached “become less and less useful with each passing day”.

Alex Deacon, founder of Cole Valley Consulting, echoed Milam and Hammock’s comments, warning that the Spamhaus Project, an international organization aiming to track email spammers, is struggling to manage its blacklist because of the GDPR.

Block.one (EOS), the startup behind the EOS cryptocurrency acquires the voice.com domain name for the amount of $30 million.

This is how the Chief Marketing Officer of
MicroStrategy explains this high-priced acquisition: “Block.one has made a
smart strategic decision in choosing Voice.com to be the internet domain name
for its new social media platform. The word “voice” is simple and universally
understood. It’s also ubiquitous ― as a search term […]. An ultra-premium
domain name like Voice.com can help
a company achieve instant brand recognition, ignite a business, and massively
accelerate value creation”.

It places this sale in the top 5 of the biggest
domain names’ sales:

Lasvegas.com $90 million in 2005.

CarInsurance.com $49.7 million in 2010.

Insurance.com $35.6 million in 2010.

PrivateJet.com $30.18 million in 2012.

Voice.com $30 million in 2019.

After having raised more than $4 billion
through a fundraising in cryptocurrencies (ICO), the startup Block.one plans to
use the domain name with the aim to compete with the social media platform
Facebook.

The social media platform VOICE has been open since June 1st, 2019.

At a keynote, EOS’ CEO Brendan Blumer and Block.one’s CTO Dan Larimer presented VOICE as an absolute alternative to everything that Facebook represents.

“Our content. Our data. Our attention. These
are all incredibly valuable things. But right now, it’s the platform, not the user
that reaps the reward. By design, they run by auctioning our information to
advertisers, pocketing the profit, and flooding our feeds with hidden agendas
dictated by the highest bidder. Voice changes that.”

In order to differentiate from Facebook, VOICE will function on the following basis:

VOICE will operate on the EOS blockchain, which is upgrading to a faster version 2 for the occasion;

A policy against bots and other trolls will be implemented, with no further details disclosed on the technical approach;

The blockchain will be public;

The arbiter of what must be seen or not will not be the algorithm but the consensus;

Regarding security, a partnership with Yubico, makers of the Yubikey, was announced. EOS seems to aim for an integration with WebAuthn, a standard for passwordless authentication recently approved by the W3C.

In other words, EOS wants to propose a model
opposite to Facebook: the control by everyone of their personal data and their
possible monetization.

On May 10th, in a press release, the Pacers Sports & Entertainment (PSE) organization, owner of the NBA basketball team the Indiana Pacers, revealed that it was the victim of a sophisticated phishing attack at the end of 2018.

As a reminder, phishing is a technique used to obtain personal information in order to commit identity theft. It is a «social engineering» technique, i.e. one that consists in exploiting not an IT flaw but a «human flaw», by deceiving web users through an e-mail seemingly coming from a trustworthy company, typically a bank or a business website.

Pacers Sports & Entertainment victim of a phishing attack

At the end of 2018, PSE was the target of a phishing email campaign resulting in unauthorized access to emails containing personal information related to a limited number of individuals.

This cyberattack affected a limited number of individuals, but the amount of stolen information is significant: name, address, date of birth, passport number, driver’s license, state identification number, account number, credit/debit card number, digital signature, username and password and, for some individuals, the Social Security number.

The American company quickly implemented
measures to secure the affected email accounts and investigate the incident
with the assistance of forensic experts. This investigation then revealed that
the hackers had access to the accounts of a limited number of persons between
October 15th and December 4th, 2018. The press release
doesn’t give any details regarding the identity of the targeted persons.

PSE individually notified each victim whose
information has been stolen and assures that “to date, PSE has no evidence of
actual or attempted misuse of any personal information”. The organization offered
to the victims of the cyberattack an access to credit monitoring and identity
protection services at no cost.

Some simple rules against phishing

Phishing attacks are increasing. Above all, they are becoming more and more sophisticated, and target all kinds of industries. Each and every one of us must be extra vigilant.

Lastly, as a reminder, here are some simple rules to protect yourself against phishing attempts:

Do not reply when someone asks for your personal data by email;

Never open an attachment from an unknown sender, or from one who is not entirely trustworthy;

Check the links by hovering the cursor over them (without clicking) to ensure that they link to trustworthy websites;

Do not trust the name of the mail’s sender. If there is any doubt, contact the sender through another method.

More user-friendly, more comprehensive, more
attractive… our brand new and improved
Nameshield SSL interface is being launched on Thursday, June 13th allowing
you to manage all of your certificates.

You will now have access to key metrics on your
certificate portfolio, to different certificate lookup views (such as complete
portfolio, detailed overview, certificates nearing expiry, pending orders,
expired or revoked certificates), to an Organization and Contact management
tool and a redesigned ordering system.

Lastly, a decision support tool has been
included in the interface to help you choose the certificate that’s right for
your needs.

The certificate range has been updated to cover
all types of certificates, SSL, RGS, Code Signing, Individual certificates and
with all levels of authentication.

The SSL team remains at your disposal for a
demonstration and a complete user guide is available covering all possible
operations and actions.

On Friday May 17th, 2019, the
Council of Ministers of the European Union presented the creation of a
blacklist identifying the perpetrators of cybercrimes located outside the EU.

Thus this is a new legal context which has been
validated by the EU in order to try to reduce the continuously growing
cyberattacks’ number. Now, the EU will indeed be able to sanction individuals
or entities involved in the cyberattacks carried out from outside the EU.

Europe seeks through this measure to protect as
far as possible the most critical infrastructures, regarding electoral or
health systems for example, from cybercriminals, by abolishing the impunity
which the international hackers seemingly enjoyed.

If there is no name on this famous list today,
the situation could change soon.

Recently, the British Foreign Secretary, Jeremy Hunt declared that “for too long now, hostile actors have been threatening the EU’s security through disrupting critical infrastructure, attempting to undermine democracy and stealing commercial secrets and money running to billions of Euros. Hence, this decision was necessary.”

It’s now very clear that the cyberattacks carried out by nations, against nations or entities, tend to multiply. It’s important to note that these sanctions can be retroactive. To this day, the sanctions are not clearly defined: travel bans and assets freeze against those we know have been responsible for these actions? Several options are presently being studied.

Faced with the upsurge and the continually increasing strength of cyberattacks, a simulation exercise of a cyberattack in the finance industry will be organized by the members of the G7, the world’s major economic powers.

In the context of the French presidency, France will run this test, in which 24 financial authorities of the 7 members of the G7 will participate for 3 days.

Today it is no secret that the banking sector is one of the most targeted by cybercriminals [according to IBM research, 19% of attacks target banking institutions].

Thus, for the first time, the G7 countries organize a cyberattack cross-border simulation in early June 2019. This test is organized by the Banque de France (the central bank of France) and proposes the following scenario: a malware will be injected in a technical component widely used in the financial sector.

As indicated by Bruno Le Maire, the Minister of
Economy and Finance of France “cyber threats are the proof that we need more
multilateralism and cooperation between our countries”.

According to this argument, this same exercise
will be conducted at the same time in the other countries, giving it a specific
dimension. If other exercises of this kind have indeed already been done
before, particularly by the Bank of England and the European Central Bank, none
of these tests was done simultaneously.

What are the results sought in this joint exercise?
Firmly establishing the risks of a cyberattack’s epidemic spread, in order to
be able to enhance the infrastructures security and to ensure the reactivity in
case of attack and prevent a wide contagion.

The actors and utility providers invade the
connected world, benefiting from the innovations that the rest of the world
opportunely provides them. It wouldn’t be a problem if we didn’t live in an age
where hacking a power plant became possible.

In 2015 and 2016, hackers shut down power to
thousands of users in the middle of the Ukrainian winter. Since then, the
American government openly admitted that foreign powers tried every day to take
control of the energy grid control rooms of the United States. And this is
important because we are currently connecting decades old infrastructures in an
environment which is swimming with threats that it was never designed to
protect against.

Engineers have not always played well with
computer scientists. These disciplines are different, they are different
mindsets with different aims, different cultures and of course, different technologies.
Engineers can plan for accidents and failures, while cybersecurity
professionals plan for attacks. There are completely different industry
standards for each discipline and very few standards for the growing field of
the Internet of Things (IoT), which is increasingly weaving its way into
utility environments. Those two worlds are now colliding.

Much of the IT used in utilities infrastructure was previously isolated, operating without fear of hackers, with systems built for availability and convenience, not for security. Their creators didn’t consider how a user might have to authenticate to a network to prove that they are a trusted actor. That might have been acceptable in the past, but now we have a landscape littered with outdated machines weighed down with insecure code that are unequipped for modern IT threats. Upgrading these systems and securing them afterward won’t solve all those security problems, and replacing them entirely would be too expensive, difficult to envisage and almost utopian for many. And today, connecting them to an environment exposed to threats and adversaries searching for the next easy target is a real problem.

Today, the world tends to connect more and
more, particularly through Internet of Things (IoT), we talk about connected
cars, baby monitors connected to a parent’s smartphone and doorbells informing
homeowners who is at their doors, fridges, washing machines become connected…
and utilities follow the trends, naturally wanting to be part of this world’s
evolution towards the increasing computerisation of physical objects.

Exciting as these new innovations might sound, evidence
mounts every day of the IoT’s insecurity. Whether it’s hardcoded passwords, an
inability to authenticate its outward and inward connections or an inability to
update, there is little argument about their security. These products are often
rushed to market without a thought for this important factor.

Enterprises and governments are seizing the IoT
as a way to transform the way they do business, and utilities are doing the
same. Large infrastructures will increasingly be made up of IoT endpoints and
sensors – able to relay information to its operators and radically improve the
overall function of utilities.

Unfortunately, in the rush to innovation, eager
adopters often ignore the glaring security problems that shiny new inventions
often bring with them. In an industrial or utilities environment the IoT means
something that is similar at a descriptive level, but radically different in
real-world impact. A connected doll is one thing, a connected power plant is
another entirely!

The risks on utilities are real. There are
plenty of examples. Stuxnet, the virus which destroyed the Iranian nuclear
program is just one. The aforementioned attacks on the Ukrainian power grid
could be another. Furthermore Western governments, including France, now admit
that foreign actors are attempting to hack their utilities on a daily basis.

But if this is such a big problem, you might
ask, then why hasn’t it happened more often? Why haven’t we heard about such
potentially devastating attacks even more? Well, the fact is that many won’t
know they’ve already been hacked. Many organizations go for weeks, months and
often years without realizing that an attacker has been lurking within their
systems. The Ponemon Institute has found that the average time between an organization
being breached and the discovery of that fact is 191 days, nearly half a year.
This is especially true if one of those aged legacy systems has no way of
telling what is anomalous. Others may just hide their breach, as many
organizations do. Such attacks are often embarrassing, especially with the
regulatory implications and public backlash that a cyberattack on a utility
brings with it.

Furthermore, most attacks are often not
catastrophic events. They are commonly attempts to gain data or access to a
critical system. For most, that’s a valuable enough goal to pursue. Edging into
the more destructive possibilities of such an attack would essentially be an
act of war and not many cybercriminals want to earn the attention – or the ire
– of a nation state.

The theory of the
black swan –
theorized by Nassim Nicholas Taleb: a
situation that is hard to predict and seems wildly unlikely, but has
apocalyptic implications – fits perfectly here. We don’t know when, how or
if such an event might happen but we had better start preparing for it. Even if
the likelihood of such an event is small, the cost of waiting and not preparing
for it will be much higher. The IoT market, particularly in the utilities
sector, needs to start preparing for that black swan.

Public Key
Infrastructures (PKI) using certificates will allow utilities to overcome many of these
threats, providing unparalleled trust for an often hard to manage network.
It’s been built on interoperable and standardized protocols, which have been
protecting web-connected systems for decades. It offers the same for the IoT.

PKIs are highly scalable, making them a great
fit for industrial environments and utilities. The manner in which many
utilities will be seizing hold of the IoT is through the millions of sensors
that will feed data back to operators and streamline day-to-day operations,
making utilities more efficient. The sheer number of those connections and the
richness of the data flowing through them make them hard to manage, hard to
monitor and hard to secure.

A PKI ecosystem can secure the connections
between devices, the systems and those that use them. The same goes for older
systems, which have been designed for availability and convenience, but not for
the possibility of attack. Users, devices and systems will also be able to
mutually authenticate between each other, ensuring that behind each side of a
transaction is a trusted party.

The data that is constantly travelling back and
forth over those networks is encrypted under PKI using the latest cryptography.
Attackers that want to steal that data will find that their ill-gotten gains
are useless when they realize they can’t decrypt it.

Further ensuring the integrity of that data is
code signing. When devices need to update over the air, code signing lets you
know that the author of the updates is who they say they are and that their
code hasn’t been insecurely tampered with since they wrote it. Secure boot will
also prevent unauthorized code from loading when a device starts up. PKI will
only allow secure, trusted code to run on a device, hamstringing hackers and
ensuring the data integrity that utilities require.

The possibilities of an attack on a utility can
sometimes seem beyond the pale. Just a few years ago a hack on a power grid
seemed almost impossible. Today, news of IoT vulnerabilities regularly fills
headlines around the world. The full destructive implications of this new
situation have yet to be fully realized, but just because all we see are white
swans, it doesn’t mean a black one isn’t on its way.

Users will soon start demanding these security
provisions from companies. The Federal Energy Regulatory Commission (FERC) has
recently fined a utility company that was found guilty of 127 different
security violations $10 million. The company wasn’t named, but pressure groups
have recently mounted a campaign, filing a petition with FERC to publicly name
and shame it. Moreover, with the advent of the General Data Protection
Regulation and the NIS directive last year, utilities now have to look a lot
closer at the way they protect their data. All over the world, governments are
looking at how to secure the IoT, especially when it comes to the physical
safety risks involved. Utilities security matters because utilities hold a
critical role in the functioning of society. It is just as important that they
be dragged into the 21st century, as they are protected from it. PKIs can offer
a way to do just that.

Mike Ahmadi, DigiCert VP of Industrial IoT
Security, works closely with automotive, industrial control and healthcare
industry standards bodies, leading device manufacturers and enterprises to
advance cybersecurity best practices and solutions to protecting against
evolving threats.

This article by Mike Ahmadi is taken from an article on the Intersec website.

In a previous article by Lucie Loos dated February 21st, the study by the Duma, the lower chamber of the Russian Parliament, of draft legislation aiming to create a “sovereign Internet” in Russia was mentioned. With this law, the country would be able to function in total independence if Russia was cut off from the major global servers, by creating Russia’s internal DNS system, which would ensure the link between web addresses and the IP addresses of the corresponding web servers, without relying on the root servers of the global Internet.

On Wednesday, the 1st of May 2019, Vladimir Putin signed into law a bill to create Russia’s “Sovereign Internet”; its entry into force is planned for November 2019.

Sovereign Internet: IT security or control of Internet?

The bill thus plans to create an “infrastructure
allowing to ensure the functioning of the Russian Internet resources in case of
the impossibility for the Russian operators to connect to the foreign sources
Internet servers”.

The Russian Internet service providers will have to implement technical means allowing a “centralized control of the traffic” on their networks in order to face potential cyberattacks from powerful foreign countries. This control will be carried out by Roskomnadzor, the agency in charge of monitoring Russian telecoms and media, which has often been accused of arbitrarily blocking web content, and by the Russian Federal Security Service (FSB).

Officially, the “sovereign Internet” was created for the purpose of IT security, but according to many experts, this might be an excuse. This bill is criticized and deemed by many activists an attempt to control web content and progressively isolate the Russian Internet, in an environment of increasing pressure from the authorities regarding freedom of expression on the Internet.

Many rallies against this bill were organized in Moscow and gathered thousands of Russians last March. Several weeks later, in a joint statement, many international human rights and freedom of expression organizations, including Reporters Without Borders and Human Rights Watch, called on Vladimir Putin not to sign the bill, which is “against Moscow’s international commitments in terms of respect for Human rights and particularly poses a threat to media freedom and the rights to freedom of information for people in Russia”. Despite this, the Russian president chose to ignore the call, and the bill was signed on the 1st of May 2019; it will enter into force this coming November.

At a time of growing awareness by companies that domain names have become strategic intangible assets, sometimes having a higher value than brands, Nameshield is happy to inform you that it has overseen and financed, for three years, the CIFRE thesis of Mr. Clement GENTY, who received his PhD, on the subject: Internet governance and global economy: proposal of a valuation model of a domain name’s value as intangible asset.

Publicly defended on April 23rd, 2019, at the Angers Laboratory of engineering, processes and innovation of the “Ecole Nationale Supérieure d’Arts et Métiers of Paris Tech”, the thesis first compiles a state of the art and a historical overview of the diffusion of domain names in the world since the creation of the Domain Name System (DNS) in 1983. It demonstrates the loss of the link between identification and trust through the abolition of the initial naming rules in favor of an unbridled and mercantile economic development by the registries.

The second part of the thesis is dedicated to
an analysis of the technical and semantic parameters allowing to define the
domain names’ average value.

The third part of the thesis presents a
monetary valuation tool for domain names, developed by Nameshield as part of
the research work, and based on a database of
more than 1.4 million transactions passed.

This scientific research work, validated by
this thesis, falls within a vast process initiated by Nameshield for many years
in order to raise awareness of the value of the domain names’ strategic
intangible assets, and to evaluate them. This work led by Jean-Manuel GAGET,
Nameshield’s Strategy and Consulting Director, focuses in particular on:

A consulting activity regarding the optimization of a domain names’ portfolio management, through a naming and defense strategy adapted to the real issues;

A process of extra-financial rating and valuation of the capital domain name, integrated to the “Thesaurus Capital immatériel”, which measures intangible assets of all kinds, promoted by the “Institut de comptabilité de l’immatériel” (Intangible accounting Institute);

A method of domain names analysis and a domain names monetary valuation tool, scientifically validated today by this thesis.

The decision of the Council of State at the end of 2016, which focuses on the taxation applicable to the domain name ebay.fr, has strengthened the obligation of companies to value their domain names properly in monetary terms, in order to account for them as intangible assets under some conditions. As such, tax experts are highly interested in domain name issues when setting transfer prices. This first thesis in the world on the economy of domain names and their valuation will without a doubt serve as useful material for the financial world’s reflection on this subject.

As with each event where massive interest is
expected, the launch of the final season of Game of Thrones is a golden
opportunity for pirates.

According to a Kaspersky study, this series would be the cybercriminals’ favorite. It represented 17% of the infected contents last year, i.e. 20 934 web users! According to the same study, the most targeted episodes are logically the first and last episodes of the season.

For while there are many fans in France, without a subscription the only way to watch the long-awaited episodes is illegal downloading on torrent websites.

It is through this channel that cybercriminals infect unsuspecting web users’ computers. First warning: do not install programs at the request of torrent websites, as they can contain malware!

Indeed, two kinds of fraud are mainly used:

Malware: malicious software is planted on the torrent websites that fans of the series use to watch the precious episodes.

Phishing: many phishing attempts have been counted, in which the pirates use the official image of Game of Thrones to try to retrieve your personal data.

This season, the cybercriminals are almost as creative as the scriptwriters of the successful series: many and various fake contests allow these hackers to collect email addresses and bank details.

Counterfeiting is also in the game, with an observed increase in websites offering many so-called “official” products that are nothing more than counterfeits.

Thus, Nameshield recommends that fans be highly vigilant!

As a reminder, here are the basic principles to follow in order to browse serenely and not be trapped by unscrupulous hackers:

Do not download any plugin of suspicious origin

Properly analyze the URLs before any purchase

Check the presence of the famous HTTPS

Check that the final address corresponds to the searched website

As always on the web, extra vigilance is needed, because even if spring is reaching our regions, don’t forget that on the web, winter is coming…

On April 15, 2019, ANSSI (the National Cybersecurity Agency of France), unveiled its annual report during a press conference. The agency identified 1869 alerts, 391 incidents without counting critical importance operators, 16 major incidents and 14 cyber defence operations for 2018. ANSSI also identified 5 major trends in terms of cyber threats observed in France and in Europe in 2018.

Analysis of cyber threat in 2018 – The 5 major trends

1. Cyber-espionage

A major concern for ANSSI in 2018, cyber-espionage represents, according to the agency, the highest risk for organizations.

Extremely discreet and benefiting from significant financial resources, the attackers plan highly targeted and highly sophisticated attacks over many years. In 2018, it was noted that cyber attackers are increasingly interested in vital activity sectors and specific critical infrastructures such as the defence, health or research sectors.

2. Indirect attacks

According to ANSSI, indirect attacks increased significantly in 2018. Indeed, to get around the security measures implemented by big companies, which are more and more aware of cyber risk, the attackers target intermediaries, such as providers, who are more vulnerable, to reach their final targets.

Compromising one partner is enough to reach many companies. So it is essential to choose partners that place their information system’s security at the top of their concerns.

3. Destabilization and influence operations

Because of the nature of the targets and the claims, these attacks, though technically moderate, often have an important symbolic impact. An increase was observed in 2018.

4. Cryptojacking

As a reminder, cryptojacking is a cyberattack that consists in using the computing power of the victim’s machine to mine cryptocurrency.

In 2018, many attacks of this kind were observed. Increasingly organized attackers take advantage of security flaws to compromise their victims’ equipment by installing cryptocurrency miners without their knowledge.

5. Online frauds

Online fraud is a constant cyber threat for companies and big organizations as much as for individuals. ANSSI noted significant growth in online fraud last year. As big operators become more concerned about cybersecurity, the attackers turn towards targets that are less exposed but more vulnerable, such as territorial authorities or actors in the health sector, which were thus the targets of many phishing attacks in 2018.

Conclusion

The multiplicity and the magnitude of the attacks observed during 2018 prove that it is essential to implement security measures to prevent these cyber threats, within big organizations and big groups as well as small companies.

“The conclusion is clear: 2018 proves once again that digital risk, far from being ethereal, must be at the heart of our concerns. Not only those of ANSSI! The cyberattacks affect all of society. That is why we must all seize the matter.” explains Guillaume Poupard, ANSSI’s General Director.

Status of ongoing projects after ICANN64

Fri, 19 Apr 2019

A month ago, ICANN held its first annual meeting with the Internet community in Kobe, Japan. At this summit, ICANN presented the major projects of the year and those of the coming years. Let’s look back at the main topics.

The implicit constraint of the GDPR

While in May 2018, Europe adopted ambitious legislation to protect users’ personal data, ICANN imposed a regulatory framework on domain name players to bring the industry into line with the constraints of the GDPR.

In the absence of consensus, this framework was imposed when the GDPR came into force on May 25, 2018. It contains non-consensual provisions, such as no longer publishing, in the registry’s registration directory service (which currently operates via the Whois protocol), data that can be considered personal data for the contacts associated with domain names: registrant contacts, administrative contacts, technical contacts. Gone, therefore, are the names, first names, postal addresses and telephone numbers, and email addresses are anonymized or hidden behind a contact form.

However, as provided for in the Bylaws, the rules governing the role and operation of ICANN, non-consensual rules may not be imposed beyond one year. ICANN therefore had the May 2019 deadline in mind throughout the Kobe meeting.

To build on this, last year ICANN initiated an expedited policy development process (ePDP) whose delicate mission was to develop consensus rules to replace the temporary provisions currently in place.

Shortly before ICANN64, this working group, in which Nameshield participates, submitted its proposals to the GNSO, the ICANN body that manages policy development for generic domain names. This report, which is currently open for comments, is expected to result in a final framework that will be submitted to the ICANN Board in early May for voting and promulgation.

The proposals outline a target date for implementation by 29 February 2020. ICANN has therefore focused its efforts on managing the transition period between May 2019 and this still distant deadline of February 2020. The prevailing approach is rather pragmatic as it consists in keeping the provisions currently in place such as the masking of personal data in the Whois until all the new provisions can be implemented by actors such as registrars and registries by the above-mentioned deadline.

Access to hidden data subject to tensions

Launched in 2012 during the last round of new domain name extensions but quickly shelved, RDAP (Registration Data Access Protocol), an alternative to the aging Whois protocol, has resurfaced with the GDPR because of its modularity, which, unlike Whois, makes it possible to filter access to certain data according to the user’s profile.

ICANN confirmed in Kobe that this protocol will be widely deployed by this summer. First, this protocol will coexist alongside the Whois protocol. Registrars will therefore provide access to domain name data through both protocols.

The stakeholders present at ICANN64 also learnt about the project submitted by a technical study group mandated by ICANN on the operational way envisaged through the RDAP protocol for access to hidden domain name data. It has been the subject of tensions because it is not the result of a consensual process and ICANN suggested it could play a central role in collecting all requests to validate their authorization, with authentication of requests being carried out upstream by agents accredited by data protection authorities. This topic is also part of the new mission of the Policy Development Working Group (ePDP) in the coming months. Things can therefore evolve on this subject in the future.

Goran Marby, ICANN CEO, speaking on the proposed functioning of access to hidden data for domain names through the future RDAP

A multi-year strategic plan

At ICANN64, ICANN also presented progress on the implementation of a strategic operating plan for the organization for the period 2021-2025.

The adoption of a five-year plan is new for this organization, which has always operated on an annual basis. This plan must determine the priorities for the coming years, which is also a novelty in a context where multiple projects have always been carried out simultaneously without any real prioritization.

We already know that DNS security is one of the major issues of the coming period. Among the priorities identified are the reinforced fight against malware and the increased security of the DNS, in particular through a faster deployment of DNSSEC.

For the next round of new domain name extensions, which was also mentioned, ICANN indicated that it will take into account the lessons learned from the previous round. Among them: new extensions are ten times more targeted than historical generic extensions (like .COM, .NET, .ORG, .BIZ, .INFO) by malicious practices such as typosquatting and dotsquatting, on which phishing and pharming thrive.

Feel free to contact your Nameshield consultant, who is very knowledgeable on all these subjects.

In its latest quarterly report, Nexusguard stated that after the FBI closed 15 websites providing cyberattack services, a decrease of 85% in the scale of DDoS attacks and of 24% in big attacks was observed.

Likewise, these closures are said to have led to an 11% decrease in attack volume compared to the same period in 2018, at an international level.

Indeed, it was in December 2018 that the FBI successfully shut down 15 websites offering DDoS attack services, called “booters” or “booter services” in the business.

To achieve their goals, these booters use IP stressers, which are originally tools for testing the resilience of a server or network. The cybercriminals hijack these IP stressers and use them to send a large volume of requests to servers until they are overloaded and unable to respond.

The Nexusguard report also indicates that the 15 websites closed by the FBI would be the technical source of about 11% of the global DDoS attacks of various sizes since 2014. Of course, this decrease might only be temporary, the multiplication of bot networks being the real plague of our decade in terms of cybercrime.

In the domain name world, the “first come, first served” rule applied by many registries often leads to abusive registrations, and to cybersquatting in particular. This practice consists in registering a domain name that uses or mentions a trademark, a business name, a patronym or any name to which the applicant has no right, in order to make material or moral profit from its current or future notoriety.

To fight these fraudulent actions and assert their rights, brand owners can bring a targeted action to recover or cancel the cybersquatted domain name, called the UDRP procedure (Uniform Domain Name Dispute Resolution Policy). This procedure is administered by an Arbitration Center such as that of WIPO, the World Intellectual Property Organization.

According to the WIPO’s General Director, Francis Gurry: “Domain names involving fraud and phishing or counterfeit goods pose the most obvious threats, but all forms of cybersquatting affect consumers. WIPO’s UDRP caseload reflects the continuing need for vigilance on the part of trademark owners around the world.”

UDRP complaints filed with WIPO in 2018*

On March 15, 2019, WIPO published its latest annual report on domain name disputes.

In 2018, WIPO’s Arbitration and Mediation Center received a record 3447 UDRP cases filed by brand owners, i.e. a rise of 12% compared to the previous year.

In the article dated February 22, 2019, we discussed the consequences of Brexit on .EU domain names and the publication by EURid, the .EU registry, of an action plan following two scenarios: no deal, or a withdrawal agreement between the United Kingdom and the European Union.

In short, as a result of Brexit, companies and individuals holding a .EU will no longer be able to renew or register names in .EU if they are not residing in the European Union.

In case of no deal, .EU domain name holders will have 2 months from March 30, 2019 to demonstrate their eligibility or to transfer their name to an eligible registrant (whose country code is neither GB nor GI). All registrants who did not demonstrate their eligibility will be deemed ineligible and their domain names will be withdrawn.

If there is a withdrawal agreement, this action plan will be implemented as of January 1, 2021.

Due to ongoing uncertainties over the United Kingdom’s withdrawal from the European Union, EURid announced on March 22, 2019, that this plan would be placed on hold while waiting for an official update from the European Commission.

To be continued.

The .UK soon available to all: .CO.UK’s holders, don’t miss the end of the priority period!

Fri, 15 Mar 2019

Remember: in June 2014, Nominet, the registry of .CO.UK, opened .UK registrations. At the time of the extension’s launch, the registry applied a 5-year restriction during which .UK registration rights were restricted to the holders of the corresponding names in .CO.UK, .ORG.UK, .ME.UK, .NET.UK, .LTD.UK or .PLC.UK.

The 1st of July 2019 will mark the end of the period during which .UK names were blocked from registration if the .CO.UK was not already registered. The names will then be open to all! If you already hold a .CO.UK domain name, don’t hesitate to contact your Nameshield consultant before the end of the priority period to reserve your corresponding name in .UK and thus prevent a third party from doing so during the general availability period.

After the launches of .APP and .PAGE, Google launched .DEV on January 16, its new extension dedicated to developers and technology, following the calendar below:

Sunrise period: from 2019/01/16 to 2019/02/19

EAP (Early Access Program): from 2019/02/19 to 2019/02/28

General availability: from 2019/02/28

Since February 28, 2019, .DEV has been in general availability and already has more than 64 000 domain name registrations according to Domain Name Wire.

To promote this new extension and for Google I/O 2019, its annual event for developers (which will be held on May 7-9, 2019 at the Shoreline Amphitheatre in Mountain View), Google is offering free registration of a .DEV domain name for 1 year with every ticket booked. But the registrations resulting from this promotional campaign represent only a small part of the 64 000 .DEV domain names registered.

During the last months, Google itself has launched or relaunched many of
its websites in .DEV: web.dev, opensource.dev, flutter.dev…

Other companies have also chosen to register their domain names in .DEV
like Mozilla with mdn.dev, Salesforce with crm.dev and Level Access with
accessibility.dev.

HTTPS mandatory for all .DEV domain names

As mentioned in a previous article by Christophe GERARD, Nameshield’s Security Product Manager, Google, in its goal of a more secure Internet, makes HTTPS encryption mandatory for all its new extensions: .APP, .PAGE, .HOW, .DEV… (More details in this article).

Thus, the .DEV extension is included on the HSTS preload list, requiring the HTTPS protocol on all .DEV domain names.

Therefore, in order to use a .DEV domain name, you will need to acquire an SSL certificate and deploy HTTPS.

From tools to platforms, programming languages to blogs, this extension will allow you to present your projects. Don’t hesitate to contact a Nameshield consultant for any questions regarding the conditions for the registration of your .DEV.

Launched in 1999, the UDRP process (Uniform Domain Name Dispute Resolution Policy) is today the fastest and most affordable solution for resolving clear cases of cybersquatting.

Indeed, UDRP offers brand owners a transparent process, carried out by independent experts, allowing them to recover or delete a domain name infringing their brands. It is important to note that the expert cannot award damages to the complainant.

MARQUES, a European association representing brand owners’ interests, raised, in a letter addressed to ICANN on the 1st of February 2019, the issue of the costs borne by brand owners for the defense of their brands in cases of cybersquatting.

The association collected information on the UDRP complaints registered with the seven Arbitration Centers that provide or have provided this process, in particular the number of UDRP complaints filed and the associated costs.

In particular, between 1999 and December 2018, WIPO (World Intellectual Property Organization) registered 42 535 complaint filings. Given that WIPO’s arbitration fees (excluding representation fees) are at least $1,500 USD, WIPO collected at least $63,802,500 USD in administrative fees over nearly 20 years.

Furthermore, MARQUES estimated the cost of filing a complaint by taking into account the fees for representation by legal counsel, and concluded that the cost of a UDRP complaint filing would be $5,000 USD. Given the arbitration fees, the fees for representation by legal counsel would then be $3,500 USD.

Thus MARQUES estimates that the costs (combining administrative fees and legal counsel fees) borne by trademark owners amount to $360,190,000 USD for the period from 1999 to the end of 2018.

However, some members of the association think that this is a low estimate that does not take into account other expenses related to the protection of their rights (revenue loss, monitoring costs, defensive registration, lifting anonymity, research, etc).

Attack on the domain name system: the priority is to protect your access

Tue, 26 Feb 2019

Last weekend, the media reported widely on the consequences of an unprecedented attack that targeted domain names.

Indeed, during the night of 22-23 February, ICANN reported large-scale attacks on domain names: DNS hijacking. These attacks consist in “replacing the authorized servers addresses” with “addresses of machines controlled by the attackers”, as explained by the organization, allowing the attackers to examine the data in order to find passwords, email addresses etc., or even to completely capture the traffic towards their servers.

A wave of attacks that began in November 2018

Actually, this is not one attack but a wave of attacks that the domain name system has endured for several weeks now.

Since the end of November 2018, an attack has targeted Lebanon and the United Arab Emirates and affected .GOV domain names. In this attack, the cybercriminals carried out DNS hijacking.

At the beginning of January 2019, the company FireEye reported in an article a wave of DNS hijacking that has affected domain names belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.

Although the attackers were not identified at the time, the initial research suggested the attacks could be conducted by persons based in Iran.

An important fact regarding the attack of February 22: this time, it struck, sometimes successfully, important actors of the Internet.

What are these attacks?

The method used is DNS hijacking deployed on a large scale. This is a malicious attack, also called DNS redirection. Its aim: to overwrite the TCP/IP parameters of a computer in order to redirect it towards a fraudulent DNS server instead of the configured official DNS server. To do this, the attacker takes control of the targeted machine through different techniques to alter the DNS configurations.

The American government, among others, recently warned about this series of highly sophisticated attacks, whose aim would be to siphon off a large volume of passwords. These attacks would more specifically target governments and private companies.

Between DNS hijacking and cyber espionage

According to Talos’ article of November 2018, the attackers behind these attacks would have collected emails and connection information (login credentials – passwords) by hijacking the DNS, so that the email and VPN (Virtual Private Networking) traffic of the targeted institutions would be redirected to a server controlled by the cybercriminals.

Once the credentials have been collected, other attacks can be launched for espionage purposes, such as Man-In-The-Middle.

Then how to effectively protect yourself?

You must be aware that although these attacks essentially target the domain name system, we can never say it enough: the first entry point to your domain name portfolio for an attacker is your access to the management platform.

The first and utmost recommendation is to protect your access

For many years, Nameshield has developed security measures for access to the domain name management platform (IP filter, ACL, HTTPS) and additionally offers two-factor authentication and SSO.

If these complementary solutions are not yet in place, Nameshield strongly recommends implementing them, in particular two-factor authentication, in order to fight against password theft.

Implement the DNSSEC protocol

DNSSEC, if it were more widely deployed, would prevent or at least lessen the impact of these attacks by limiting their consequences.

It’s becoming increasingly urgent that DNSSEC be adopted on a massive scale, for both resolvers and authoritative servers.

Protect your domain names

The implementation of a registry lock on your strategic names will prevent their fraudulent modification.

Although no perfect solution exists today to fully protect infrastructures from cyberattacks, it is the combination of several preventive measures that will make it possible to reduce the vulnerabilities (so) easily exploited by the pirates.
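An added example (not from the original article or from Nameshield): a minimal monitoring check for the hijacking pattern described above, in which authorized server addresses are replaced with attacker-controlled ones. It compares a snapshot of a zone's delegation with an approved baseline; the domain names, IP ranges and snapshot layout are constructed assumptions, and a real deployment would fill the snapshot from its own resolver or registrar data.

```python
"""Added example: compare observed DNS delegation data with an approved baseline."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Baseline:
    name_servers: frozenset   # authorized NS host names for the zone
    allowed_networks: tuple   # CIDR blocks where NS and service hosts may live
    dnssec_signed: bool       # True if a DS record is expected at the parent


def _norm(host):
    """Lower-case a host name and drop the trailing root dot."""
    return host.rstrip(".").lower()


def audit(domain, baseline, observed):
    """Return a list of findings; an empty list means the snapshot matches."""
    findings = []
    expected = {_norm(n) for n in baseline.name_servers}
    seen = {_norm(n) for n in observed["ns"]}

    # 1. The NS set itself: any addition or removal is a change to investigate.
    for ns in sorted(seen - expected):
        findings.append(f"{domain}: unauthorized name server {ns}")
    for ns in sorted(expected - seen):
        findings.append(f"{domain}: authorized name server {ns} missing from delegation")

    # 2. Addresses of name servers and key hosts must stay in approved ranges.
    networks = [ipaddress.ip_network(n) for n in baseline.allowed_networks]
    for host, addr in sorted(observed["addresses"].items()):
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in networks):
            findings.append(f"{domain}: {_norm(host)} resolves to {ip}, outside approved networks")

    # 3. A signed zone that loses its DS record no longer validates with DNSSEC.
    if baseline.dnssec_signed and not observed["ds_present"]:
        findings.append(f"{domain}: DS record missing, DNSSEC chain of trust broken")
    return findings


# Constructed baseline and snapshots (documentation-only names and addresses).
BASELINES = {
    "corp.example": Baseline(
        name_servers=frozenset({"ns1.dns-provider.example", "ns2.dns-provider.example"}),
        allowed_networks=("192.0.2.0/24", "2001:db8:10::/48"),
        dnssec_signed=True,
    ),
}

SNAPSHOT_OK = {
    "ns": ["NS1.dns-provider.example.", "ns2.dns-provider.example."],
    "addresses": {
        "ns1.dns-provider.example": "192.0.2.53",
        "ns2.dns-provider.example": "2001:db8:10::53",
        "mail.corp.example": "192.0.2.25",
    },
    "ds_present": True,
}

SNAPSHOT_CHANGED = {
    "ns": ["ns1.dns-provider.example.", "ns1.unknown-host.example."],
    "addresses": {
        "ns1.dns-provider.example": "192.0.2.53",
        "ns1.unknown-host.example": "203.0.113.7",
        "mail.corp.example": "198.51.100.25",
    },
    "ds_present": False,
}

if __name__ == "__main__":
    for label, snap in (("ok", SNAPSHOT_OK), ("changed", SNAPSHOT_CHANGED)):
        results = audit("corp.example", BASELINES["corp.example"], snap)
        print(label, "->", results or "no findings")
```

A finding from this check is a prompt to verify the change against the change log of the management platform, not proof of compromise.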

On February 13, 2019, the Duma (lower Chamber of the Russian Parliament) began to study draft legislation aiming to create a “sovereign Internet” in Russia, meaning an ability to function in total independence if Russia were cut off from the major global servers. To achieve this, it will be necessary to create an “infrastructure allowing to ensure the functioning of the Russian Internet resources in case of the impossibility for the Russian operators to connect to the foreign sources Internet servers”.

The Internet providers will have to implement systems allowing a
“centralized control of the traffic” on their networks.

The measures proposed would allow the Russian Internet (RuNet) to ensure
that the Russian part of the Internet functions efficiently. In other words,
the test will allow Russia to ensure that its domestic networks can operate in
full autonomy.

A response to the penalty threats?

While Russia speaks of guaranteeing continued local availability, particularly in case of a large-scale cyberattack, this draft legislation is also clearly presented as a response to the “aggressive nature of the new American cybersecurity strategy adopted in September 2018” [mentioning Russia as a threat]. Indeed, Russia is the object of many accusations regarding cyberattacks and cyber espionage: disruption of the American presidential elections in 2016; the call in December 2017 by Stuart Peach, Chief of the UK Defence staff in NATO, to take measures against Russia after Russian submarines were detected near the Atlantic submarine cables that carry communications between Europe and the USA; and in January 2018, the accusation by the UK Defence Minister, Gavin Williamson, that Russia was spying on his country’s critical infrastructure with the aim to create a “total chaos” which could “result in thousands and thousands of deaths”, etc. NATO and its allies then threatened to punish Russia for these cyberattacks.

It’s in this context that Russia is planning a
full-scale test of disconnection of the global Internet network.

A full-scale test

This test has been prepared for several years by the Russian authorities, who planned a local DNS backup (tested in 2014 and in 2018).

Indeed, the law provides for the creation of Russia’s internal DNS system, which would ensure the link between web addresses and the IP addresses of the corresponding web servers, without relying on the root servers of the global Internet.

Validated by President Putin, the draft legislation has every chance of being adopted quickly, despite the reluctance of some branches of the government because of the potential expenses entailed. The Russian Internet providers, for their part, seem to agree with the draft legislation, as mentioned in the Russian press, but to date they do not endorse its technical implementation, which could create significant disturbances and other traffic disruptions in Russia.

Of course, it is easy to see that this experiment will simultaneously test the Internet providers’ ability to direct data towards routing points controlled by the Russian government, since a filter would be implemented to stop the flow of data towards foreign servers.

Would Russia move towards a system of traffic filtering, beyond ensuring a national intranet that maintains an operational connection inside the borders even in case of a massive cyberattack? It is reminiscent of China’s Great Firewall (Internet monitoring and censorship project managed by the Ministry of Public Security of the People’s Republic of China, initiated in 1998 and whose activities began in November 2003).

The Russian test could happen on the 1st of April 2019. To be continued.

In a previous article, we discussed the consequences of Brexit on .EU domain names: the European Commission announced on 28 March 2018 that companies and individuals holding a .EU will no longer be able to renew or register names in .EU if they are not residing in the European Union.

With the Brexit date approaching, EURid, the .EU registry, has recently published its action plan, which has two scenarios depending on whether there is no deal or a withdrawal agreement between the United Kingdom and the European Union. In the second case, the actions will be the same but they will be implemented on different dates (from December 2020).

Scenario 1: The United Kingdom leaves the European Union with no deal on 30 March 2019

New registrations

From 30 March 2019: EURid will not allow the registration of any new domain name from registrants declaring an address in Great Britain (country code GB) or in Gibraltar (country code GI).

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

On 23 March 2019: EURid will notify by email both GB/GI registrants and their registrars about the forthcoming non-compliance of the data associated with their domain name within the .EU regulatory framework.

On 30 March 2019: EURid will again notify by email both GB/GI registrants and their registrars that their domain name is not in compliance with the .EU regulatory framework.

Before 30 May 2019: Registrants will be given the possibility to demonstrate their compliance with the .EU regulatory framework by updating their contact data.

During this two-month period, the domain names in question will remain active and the following actions are possible:

-Term extension, unless accompanied by a transfer request to an eligible registrant;

-Automatic renewal for domain names that expire in the period between 30 March 2019 and 30 May 2019.

As of 30 May 2019: All registrants who did not demonstrate their eligibility will be deemed ineligible and their domain names will be withdrawn.

On 30 March 2020, i.e. twelve months after the UK withdrawal: All the affected domain names will become available for general registration.

For .EU domain names that are in the ON-HOLD status at the time of UK withdrawal: They will remain registered until there is an outcome of the court case. However, they will be suspended and will cease to function as of 30 May 2019.

-If a court ruling establishes a transfer to an eligible party, that decision will be implemented in the usual way.

-If the domain name stays with the GB/GI registrant, the domain name will be withdrawn.

For .EU domain names that are in the SUSPENDED status at the time of UK withdrawal: Evaluation by the registry on a case-by-case basis, moving forward, if appropriate, with the withdrawal of the domain name.

For .EU domain names that are in the QUARANTINE status at the time of UK withdrawal:

-No transfer to GB/GI registrants from quarantine will be possible during the two-month period.

-Transfer to a non-GB/GI registrant will be possible.

Scenario 2: The United Kingdom leaves the European Union with a planned transitional period on 31 December 2020

The actions will be the same, but they will be implemented on different dates.

New registrations

From 1 January 2021: EURid will not allow the registration of any new domain name by a registrant whose country code is either GB or GI.

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

23 December 2020: First email sent about the
non-compliance of the data associated to the domain name.

1 January 2021: Second email sent about the
non-compliance.

Before 2 March 2021: Possibility for the registrants to
demonstrate their compliance with the .EU regulatory framework by updating
their contact data.

As of 2 March 2021: All registrants who did not
demonstrate their eligibility will be deemed ineligible and their domain names
will be withdrawn.

On 1 January 2022: All the affected domain names will
become available for general registration.

The actions planned in the first scenario
regarding the different status « ON HOLD », « SUSPENDED » and « QUARANTINE »,
will also be applied in the second scenario.

Brexit’s consequences thus force the British to rethink their domain name strategy. Indeed, the loss of their .EU domain names will be an opportunity for cybersquatters who reside in the E.U. and meet the eligibility criteria, since they would then have the right to register these .EU domain names.

Nameshield’s team is at your disposal to answer all your questions and to offer you the best recommendations regarding the management of your domain name portfolio.

Can the DNS have an impact on the SEO?
https://blog.nameshield.com/blog/2019/02/21/can-the-dns-have-an-impact-on-the-seo/?utm_source=rss&utm_medium=rss&utm_campaign=can-the-dns-have-an-impact-on-the-seo
Thu, 21 Feb 2019 15:44:53 +0000

This is a recurrent question from our customers: does the use of the DNS, whether it is good or bad, have an impact on websites’ SEO? We have already discussed the impact of an HTTPS website on the SEO; this is now the occasion to focus on the DNS side.

The DNS is an invisible process, implemented in the background, so it is difficult to understand why it can help or harm a website’s performance and its ranking in search engines, more particularly on Google.

This article looks at the possible impact of the DNS by answering the following questions:

Does the modification of a DNS record affect the SEO?

Does the change of the DNS provider affect the SEO?

What part does the DNS play in a website’s migration?

Does the change of a website’s IP address affect the website’s SEO?

What about DNSSEC implementation?

Can a DNS breakdown affect the SEO?

Can a faster DNS improve the SEO?

Does the change at the DNS level affect the SEO?

1. Modification of a DNS record, be careful of the TTL

Pointing a domain name at the corresponding web server usually involves creating an A record (IPv4 address). The A record then directs traffic to the IP address of the destination web server. Modifying this record can lead to performance problems.

Indeed, to optimize response times, the DNS allows resolver servers to cache information for a given time: the TTL (Time to Live), defined by the technical manager of the domain name when it is configured. The usual TTL, like the one recommended by ANSSI, is several hours for the usual uses of domain names (websites). When an A record is modified, the change may be taken into account only once the TTL has expired. Web users could therefore still reach the former record configuration for a few minutes or even several hours after the modification.

It is thus important to reduce the TTL, even temporarily, during these modifications.

But does that affect the SEO? Yes and no. When users are sent to a destination that no longer exists, Google will consider this a 404 error. Beyond the negative user experience, this is not directly an SEO factor. However, be careful about existing backlinks and about too high a number of 404 errors. A low TTL limits the impact during these modifications.

2. Modification of the DNS declared for a domain name

A domain name is associated with name servers (NS) which provide the correct DNS resolution. The DNS service looks up the information on these name servers. They can be modified when changing the provider that manages the domain name, or simply when moving from one DNS infrastructure to another. Will the change of name servers affect the SEO?

Depending on the provider and the chosen infrastructure, the resolution time may be shorter or longer, which may improve or lower the position in the SERP (Search Engine Result Page). Indeed, the resolution time is taken into account by Google (see below).

And as with a record change, it is recommended to reduce the lifespan of the records before modifying the name servers, so that DNS resolvers do not keep the former information in cache.

3. Risk associated to the DNS during the website’s migration

This is the same principle as discussed previously. Modifications of the DNS configuration do not directly affect the SEO, but they can lead to a bad user experience. The TTL should again be seen as a useful means to take into consideration.

Which specific cases to consider?

Change of web hosting provider

Change of DNS hosting provider

Moving the traffic from www. to a “naked domain” (without www.)

Moving your domain to a CDN (content delivery network)
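
The caching behaviour described in sections 1 to 3 can be simulated. The following is an added example (not Nameshield's code); the addresses, TTL values and timestamps are constructed. It also shows a point the text implies: the TTL must be lowered at least one old TTL before the change, otherwise resolvers that cached the record earlier keep the old answer.

```python
"""Simulate how long a caching resolver keeps serving an old A record."""
from dataclasses import dataclass

OLD, NEW = "192.0.2.10", "198.51.100.20"  # documentation addresses (constructed)
DAY = 86400                               # "several hours" style TTL, here 24 h
CUTOVER = 200_000                         # time of the A record change (constructed)


@dataclass(frozen=True)
class ARecord:
    address: str
    ttl: int  # seconds a resolver may cache this answer


class Zone:
    """Authoritative data for one name, as a timeline of scheduled changes."""

    def __init__(self, initial):
        self._timeline = [(0, initial)]  # (effective_from, record)

    def schedule(self, at, record):
        self._timeline.append((at, record))
        self._timeline.sort(key=lambda entry: entry[0])

    def answer(self, now):
        current = self._timeline[0][1]
        for effective_from, record in self._timeline:
            if effective_from <= now:
                current = record
        return current


class CachingResolver:
    """Keeps an answer until its TTL expires, then asks the zone again."""

    def __init__(self, zone):
        self._zone = zone
        self._cached = None
        self._expires = 0

    def resolve(self, now):
        if self._cached is None or now >= self._expires:
            self._cached = self._zone.answer(now)
            self._expires = now + self._cached.ttl
        return self._cached.address


def stale_window(zone, primed_at, cutover, new_address, step=60):
    """Seconds after `cutover` until a resolver that filled its cache at
    `primed_at` first returns `new_address`, polling every `step` seconds."""
    resolver = CachingResolver(zone)
    resolver.resolve(primed_at)
    now = cutover
    while resolver.resolve(now) != new_address:
        now += step
    return now - cutover


def scenario_ttl_unchanged():
    zone = Zone(ARecord(OLD, DAY))
    zone.schedule(CUTOVER, ARecord(NEW, DAY))
    return stale_window(zone, CUTOVER - 1, CUTOVER, NEW)


def scenario_ttl_lowered_in_time():
    zone = Zone(ARecord(OLD, DAY))
    zone.schedule(CUTOVER - 100_000, ARecord(OLD, 300))  # more than one old TTL ahead
    zone.schedule(CUTOVER, ARecord(NEW, 300))
    return stale_window(zone, CUTOVER - 1, CUTOVER, NEW)


def scenario_ttl_lowered_too_late():
    zone = Zone(ARecord(OLD, DAY))
    zone.schedule(CUTOVER - 10_000, ARecord(OLD, 300))   # less than one old TTL ahead
    zone.schedule(CUTOVER, ARecord(NEW, 300))
    # Worst case: the cache was filled one second before the TTL was lowered.
    return stale_window(zone, CUTOVER - 10_001, CUTOVER, NEW)


if __name__ == "__main__":
    print("TTL unchanged:        ", scenario_ttl_unchanged(), "s of stale answers")
    print("TTL lowered in time:  ", scenario_ttl_lowered_in_time(), "s")
    print("TTL lowered too late: ", scenario_ttl_lowered_too_late(), "s")
```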

4. Change of the destination IP address

No. When a record is modified to point from one endpoint to another, the SEO is not affected. The only (very rare) exception to this rule would be to point a domain towards an endpoint that has already been identified as a spam server (for example, the IP address of a shared server).

However, be careful about the IP address in question: one of the (many) rules of Google’s SEO is that an IP address used for a website should be located near the final user.

5. DNSSEC implementation

DNSSEC authenticates the DNS resolution through a chain of trust between the different DNS servers involved in this resolution. Just like HTTPS, this is an additional security layer to implement. And as with HTTPS, the page loading time is affected, and therefore potentially the associated SEO. To put this into perspective, DNSSEC is essential to web users’ surfing and it is recommended to implement it.

Most companies that offer security audits of domain names consider DNSSEC necessary and therefore use it as a rating criterion.

Does a faster DNS improve the SEO?

Google has admitted that the loading time of a web page has an impact on SERP results. DNS lookup times are in general less than a second; they can nevertheless affect the loading of a web page in the following cases:

1. Recurring breakdowns on the DNS infrastructure

When a DNS cannot resolve or takes more time than usual, it can add many
seconds to the time of a page loading. In case of lack of reliability and
recurring unavailability, the impact on SEO is proved… Not mentioning the user
experience in front of these repetitive failures (increase of the bounce rate,
decrease of customers’ retention and impact on the trust in the brand, if not
revenue loss). It is important to rely on a reliable and trustworthy
infrastructure.

2. Quality of the network and points of presence

This is purely and simply physics: the nearer a name server is to the final user, the less time is needed to respond to their request. DNS networks called “anycast” (optimized addressing and routing towards “the nearest” or the “most efficient” server), with many points of presence around the world, optimize the response time depending on the geographical location.

Another important point is to have at least three name servers that are authoritative (SOA) for a domain name, ideally based on different domain names and TLDs, in order to reduce the risk of a SPOF (Single Point of Failure) in the infrastructure. Indeed, if an infrastructure relies on a single domain name, an unavailability of this domain name, for whatever reason, leads to the unavailability of the DNS infrastructure. Likewise, at the TLD level and even if it is less likely, a registry availability problem would affect the whole DNS infrastructure.

3. Be careful of “extended” DNS configurations

It’s not unusual to have DNS configurations which send towards a final
destination through several steps like in the example below. As a consequence, the resolution time is
affected and potentially, the performance in terms of SEO.

fr.wikipedia.org. IN CNAME text.wikimedia.org.

text.wikimedia.org. IN CNAME text.esams.wikimedia.org.

text.esams.wikimedia.org. IN A 91.198.174.232
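
To find such "extended" configurations in a zone, the chain can be walked record by record. This is an added example, not part of the original article: it parses the three records above, counts the CNAME hops and rejects loops; the looping records, the hop limit and the function names are constructed for the illustration.

```python
"""Follow CNAME chains in zone-file style records and report their depth."""

# The three records shown above, in master-file notation.
PAGE_RECORDS = """
fr.wikipedia.org.          IN CNAME text.wikimedia.org.
text.wikimedia.org.        IN CNAME text.esams.wikimedia.org.
text.esams.wikimedia.org.  IN A     91.198.174.232
"""

# Constructed records containing a loop, to exercise the failure case.
LOOPING_RECORDS = """
a.example. IN CNAME b.example.
b.example. IN CNAME a.example.
"""


def parse_records(text):
    """Return {owner: (rtype, rdata)} for 'owner IN TYPE rdata' lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        owner, rclass, rtype, rdata = line.split(None, 3)
        if rclass.upper() != "IN":
            raise ValueError(f"unsupported class in: {line!r}")
        records[owner.lower()] = (rtype.upper(), rdata.strip())
    return records


def follow(name, records, max_hops=8):
    """Return (chain, address); chain lists every name visited, in order.

    Raises ValueError on a missing record, a loop, or more than max_hops
    CNAME records (max_hops is a limit chosen for this example).
    """
    chain = [name.lower()]
    while True:
        current = chain[-1]
        if current not in records:
            raise ValueError(f"no record for {current}")
        rtype, rdata = records[current]
        if rtype == "A":
            return chain, rdata
        if rtype != "CNAME":
            raise ValueError(f"unexpected record type {rtype} at {current}")
        target = rdata.lower()
        if target in chain:
            raise ValueError(f"CNAME loop at {target}")
        if len(chain) > max_hops:
            raise ValueError(f"more than {max_hops} CNAME hops from {name}")
        chain.append(target)


def cname_hops(name, records):
    """Number of CNAME records crossed before an address is reached."""
    chain, _ = follow(name, records)
    return len(chain) - 1


def long_chains(records, limit=1):
    """Names whose resolution crosses more than `limit` CNAME records."""
    return sorted(
        owner for owner, (rtype, _) in records.items()
        if rtype == "CNAME" and cname_hops(owner, records) > limit
    )


if __name__ == "__main__":
    zone = parse_records(PAGE_RECORDS)
    chain, address = follow("fr.wikipedia.org.", zone)
    print(" -> ".join(chain), "->", address)
    print("names with more than one CNAME hop:", long_chains(zone))
```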

Conclusion

SEO is a discipline to consider as a whole. As we have seen with the impact of a website’s adoption of HTTPS, this is one ranking factor among others; all other things being equal, it becomes particularly important for gaining a competitive edge on the first page of results.

The same applies to the impact of the DNS on the SEO. Can the DNS have an impact? Yes, it clearly can in the case of incorrect configurations, or when the DNS infrastructure does not provide fast enough response times. An anycast DNS infrastructure is essential for any domain name carrying significant web traffic, even more so at an international level. This is one element to integrate into the whole, and this thinking should be part of a global approach to SEO with the web marketing team.

Lately, the DNS keeps being talked about! After the first KSK rollover of October 2018, then the deactivation of the former KSK key on January 11, now comes the time of the DNS Flag Day!

DNS Flag Day: What is it all about?

“Flag day” is an expression used in IT to indicate a deadline and/or a radical change.

Let us remember that when the DNS was created, the weight of cybercrime threats affecting the DNS infrastructure didn’t exist. While security was then relegated to the background, the evolution of attacks has made it absolutely necessary: the DNS must be strengthened!

It’s in this context that the EDNS standard was created in 1999 (updated in 2013 in RFC 6891). EDNS has in particular allowed the implementation of DNSSEC, DNS geolocation and other measures aiming to strengthen security.

This transition was not without difficulties. Abusive adoptions of the EDNS standard, lack of updates and bypasses have led to the creation of many patches and accommodations in the recursive servers’ code (in particular, in order to be able to differentiate DNS servers which cannot properly support EDNS from the ones unreachable for other reasons).

Two decades later, the maintenance of all this patched software has become more than difficult and leads to bugs that can compromise DNS security. Obviously, the weight of these patches affects response times.

It’s time for this standard to be implemented by all, or they will no longer be able to efficiently deal with new DNS attacks, like amplification or layer 7 attacks.

That’s why major IT actors (Google, Cloudflare, Facebook, Cisco...), including the developers of recursive servers, decided as one to no longer support DNS servers that do not respect the EDNS standard as of February 1, 2019. The Flag Day arrives!

And concretely?

From the DNS Flag Day, on February 1, all DNS servers not in compliance with the EDNS standard (or not functioning because of a firewall incompatible with EDNS), and thus not responding to EDNS requests, will be considered unreachable, as the accommodations and other patches are removed from the new versions of the DNS software.

To put it simply, if it is not hosted on compatible DNS servers, your domain name may no longer respond.

How to anticipate?

That is why it is important to ensure that the DNS servers hosting your domain names’ zones are EDNS-compatible, in particular if they are not hosted on Nameshield’s DNS infrastructure or if your company maintains its own infrastructure.
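
One way to check a name server's behaviour is to send it a query carrying the EDNS OPT record defined in RFC 6891 and look at what comes back. This is an added example, not Nameshield's tooling: the category labels, the payload size and the sample responses are constructed, and `probe()` assumes you supply the address of a server you operate.

```python
"""Build a DNS query with an EDNS(0) OPT record and classify the reply."""
import socket
import struct

OPT = 41      # RR type of the EDNS pseudo-record (RFC 6891)
FORMERR = 1   # RCODE a server without EDNS support must return (RFC 6891, section 7)


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def opt_record(payload_size=1232):
    # NAME=root, TYPE=OPT, CLASS=UDP payload size, TTL=ext-rcode/version/flags, RDLEN=0
    return b"\x00" + struct.pack("!HHIH", OPT, payload_size, 0, 0)


def build_edns_query(name, qtype=1, msg_id=0x1234):
    header = struct.pack("!HHHHHH", msg_id, 0x0000, 1, 0, 0, 1)  # 1 question, 1 additional
    return header + encode_name(name) + struct.pack("!HH", qtype, 1) + opt_record()


def _skip_name(msg, off):
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length


def parse_response(msg):
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, opt = 12, None
    for _ in range(qd):
        off = _skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            opt = {"udp_payload": rclass, "ext_rcode": ttl >> 24,
                   "version": (ttl >> 16) & 0xFF}
    rcode = flags & 0x000F
    if opt:
        rcode |= opt["ext_rcode"] << 4            # extended RCODE supplies the upper bits
    return {"id": msg_id, "rcode": rcode, "opt": opt}


def classify(response):
    """Labels are chosen for this example; `None` stands for a timeout."""
    if response is None:
        return "unreachable"          # no answer to an EDNS query at all
    try:
        parsed = parse_response(response)
    except (ValueError, IndexError, struct.error):
        return "malformed"
    if parsed["opt"] is not None:
        return "edns-ok"              # reply carries its own OPT record
    if parsed["rcode"] == FORMERR:
        return "no-edns-formerr"      # server without EDNS, but it does answer
    return "answers-without-opt"      # answers, yet ignores the OPT record


def probe(server_ip, name, timeout=3.0):
    """Live check against a server you operate; a single timeout can also be packet loss."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_edns_query(name), (server_ip, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            data = None
    return classify(data)


def sample_response(query, rcode=0, with_opt=True):
    """Constructed reply to `query`, used instead of network traffic."""
    msg_id = struct.unpack("!H", query[:2])[0]
    question = query[12:-11]                       # drop header and the 11-byte OPT record
    an = 1 if rcode == 0 else 0
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    opt = opt_record() if with_opt else b""
    header = struct.pack("!HHHHHH", msg_id, 0x8400 | rcode, 1, an, 0, 1 if with_opt else 0)
    return header + question + (answer if an else b"") + opt


if __name__ == "__main__":
    q = build_edns_query("example.org")
    for label, reply in [("EDNS-aware", sample_response(q)),
                         ("legacy FORMERR", sample_response(q, rcode=1, with_opt=False)),
                         ("silent (timeout)", None)]:
        print(f"{label:18} -> {classify(reply)}")
```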

The CESIN (Club of Information and Digital Security Experts) has just published the fourth edition of its annual barometer, carried out with OpinionWay among its 174 members, 84% of whom are CISOs (Chief Information Security Officers) of big French companies. This annual study helps to better define the perception and reality of cybersecurity and its issues within the companies which are members of CESIN.

The most common cyberattacks and their impacts

Over the last twelve months, although the number of attacks tends to stabilize, 80% of the interviewed companies have been the victims of at least one cyberattack, and the consequences for the business (production stoppage, unavailable website, revenue loss…) are more significant than in 2017.

Each year, companies face five kinds of cyberattack on average.

Among the attacks suffered, phishing is the most frequent with 73% of companies affected, followed by the “Fake President” fraud with 50% of the respondents affected, then in third position ransomware and malware infection.

Regarding cyber risks, Shadow IT is the most frequently encountered risk: 64% of the interviewed CISOs consider it a threat to deal with. Indeed, the implementation and use of non-approved and often free applications can escape the control of the information systems department.

Cloud and IoT: the impact of the digital transformation on the security of Information systems

For 98% of the companies, digital
transformation has a real impact on the security of Information and data
systems and increases the cyberattacks’ perimeter. Particularly through the
important use of Cloud, used by 87% of the companies, of which 52% store their
data in public Clouds.

This use of Cloud represents an important risk
because of the lack of control from the hosting provider regarding the
company’s data (through administrators or others), or regarding the
subcontracting chain used by the hosting provider, or even regarding the data
not deleted. For 89% of the CISO, these issues imply the use of complementary
securing tools to the ones proposed by the service provider in order to secure
the data stored in the Cloud.

Concerning IoT (Internet of Things), the race for innovation and the increasingly common use of connected things lead to the emergence of new cybersecurity threats, notably due to security flaws in these devices.

A cyber resilience to develop

To face these cyber risks, CISOs deploy many technical solutions.

However, despite all these solutions, CISOs are less confident than last year regarding their company’s capacity to face these cyber risks, and fewer than one out of two consider that their company is prepared to manage a large-scale cyberattack. And yet, only 12% have implemented a real cyber resilience program; it is in progress for 33%, and 34% are planning to implement one.

Three essentially human issues for the future of the cybersecurity

Awareness of the user

According to 61% of the interviewed CISO, the main
issue for the future of the cybersecurity is the training and the awareness of
the users to the cybersecurity issue. According to the respondents, “even if
the employees are aware, they are still not involved enough and do not
necessarily follow the recommendations. An important education work remains.”

Governance of the cybersecurity

For 60% of the respondents, the governance of
the cybersecurity needs to be placed at the right level. Although the
compliance to the GDPR allowed the companies to be aware of the data protection
issues, the confidence in the ability of the executive committee to take into
account the cybersecurity issues stays uneven depending on the activity
sectors.

Human resources

The lack of Information system security profiles
observed by 91% of the CISO, is a real challenge for the companies while 50% of
these companies plan to increase the workforce allocated to cybersecurity.

DomainTools sued by DNCL

In June 2018, the .NZ registry, DNCL (Domain Name Commission Limited), sued the American company specialized in monitoring and investigation tools, on the grounds that it violated the registry’s terms of use.

The DNCL was successful and the Federal Court in the State of Washington granted a preliminary injunction that banned DomainTools from collecting .NZ whois data and ordered the removal of the data used in existing publications while the lawsuit proceeded.

Indeed, since June 2016, the .NZ registry has indicated in its terms that it is forbidden to copy domain name holders’ data.

DomainTools appeals the injunction decision

Unsurprisingly, DomainTools, which had first indicated that the use of these data was also of general interest, these data being used by its customers in the context of the fight for cybersecurity, appealed the preliminary injunction.

Of course, this trial reflects the terms of the
debate which took place at ICANN regarding the General data protection
regulation (GDPR).

DomainTools is mentioned in the American draft
legislation unveiled by the Internet Governance Project, which indicates as
such, that this attempt would be led by different lobbies. The Transparent,
Open and Secure Internet Act of 2018, dated from August 16, 2018 mentions these
two possibilities of evolution:

The first, called “large”, proposes keeping a whois with a wide enough spectrum of information (more or less the same as our old-fashioned whois)

The second, more limited, would keep this obligation to publish the data to the American residents or to the actors targeting a business activity on the US market.

An intense debate about the GDPR

This trial reminds us how intense the debates regarding GDPR implementation are within ICANN, opposing actors using the now so precious data to privacy advocates, supported by the WP29 (Article 29 Data Protection Working Party), which mentions in particular the applicable sanctions.

Finally, it should be recalled that the GAC attempts to minimize the consequences of the European regulation. After being dismissed by the German Court in its action of May 2018, which targeted a registrar that stopped providing customer data under the GDPR, the GAC aims to obtain from the EU’s Court of Justice a favorable decision on this subject.

The debate about the DomainTools case deserves to be followed closely!

Ahead of the Annual Meeting in Davos, which took place from January 22 to 25 in Switzerland, the World Economic Forum presented its Global Risks Report, a report which highlights the main global risks and issues, based on a survey of 1000 international decision-makers from the public sector, private sector, academia and civil society. So what are the main risks that the world is facing?

Cyber risks in the top 5

For the third year in a row, environment-related risks are at the top of the decision-makers’ concerns. They hold the top three of the risks likely to occur in 2019, followed by technology risks which are Data fraud or theft in 4th place, and cyberattacks in 5th.

Thus in 2019, 82% of the interviewed experts
expect data and money theft, and 80% expect services and infrastructures
disruptions resulting from cyberattacks.

The 5 risks most likely to occur according to experts

1. Extreme weather events

2. Failure of climate-change mitigation and adaptation

3. Natural disasters

4. Data fraud or theft

5. Cyberattacks

The top 10 risks in terms of impact

1. Weapons of mass destruction

2. Failure of climate-change mitigation and adaptation

3. Extreme weather events

4. Water crisis

5. Natural disasters

6. Biodiversity loss and ecosystem collapse

7. Cyberattacks

8. Critical information infrastructure breakdown

9. Man-made environmental disasters

10. Spread of infectious diseases

Cyberattacks take the 7th place, and
the critical information infrastructure breakdown the 8th place of
the ranking, hence making it into the top 10.

Regarding technology, Børge Brende, the World
Economic Forum’s President highlights that “Technology
continues to play a profound role in shaping the global risks landscape.
Concerns about data fraud and cyber-attacks were prominent again in the GRPS,
which also highlighted a number of other technological vulnerabilities: around
two-thirds of respondents expect the risks associated with fake news and
identity theft to increase in 2019”. These concerns result from 2018 being
traumatized by the increase of massive cyberattacks, breaches in IT security
systems of States, massive data theft and the increase of artificial
intelligence’s use for carrying out cyberattacks always more powerful.

Cyberattacks, the companies more and more efficient
https://blog.nameshield.com/blog/2019/01/10/cyberattacks-cyber-resilience-the-companies-more-and-more-efficient/?utm_source=rss&utm_medium=rss&utm_campaign=cyberattacks-cyber-resilience-the-companies-more-and-more-efficient
Thu, 10 Jan 2019 14:44:32 +0000

Last September, Accenture published the research “Gaining Ground On the Cyber Attacker 2018 State of Cyber Resilience” and highlighted the doubling of the cyberattacks number suffered by the companies (232 on average in 2018 versus 106 in 2017 at international level), but also the improvement of the companies’ ability to identify and counter these attacks.

The number of attacks has more than doubled between 2017 and 2018…

This research deserves attention as it differs from many very alarmist reports. While not everything is perfect, in particular due to the ingenuity and increasing complexity of the attacks, companies continue to improve their defense capacity, have been able to strengthen their cyber resilience and have remained effective despite the threats. Companies are able to defend themselves better, particularly by detecting attacks much earlier.

… But where a third of the attacks were successful in 2017, the share of successful attacks decreased to 1 in 8 (12.5%) in 2018.

A report that blows hot and cold

Security teams have made great progress but
there is still more work to be done. Companies now prevent 87% of all targeted
attacks, but are still facing two to three security breaches per month on
average.

Companies might be cyber resilient in two to
three years, but the pressure and the threats’ complexity increase every day.
If 90% of the respondents expect the investment in cybersecurity to increase in
the next 3 years, only 31% think that it will be sufficient.

The new technologies are essential, but the
investments are lagging behind. If 83% of the respondents agreed that new
technologies are essential, only two out of five are investing in AI, machine
learning and automation technologies.

Confidence around cybersecurity measures
remains high, but a more proactive approach of the cybersecurity is needed. If
more than 80% of the respondents are confident in their capacity to monitor
breaches, on the other hand 71% said that cyberattacks are still a bit of a
black box, they do not know how or when they will affect their organization.

The board of directors and management are more
engaged with cybersecurity. 27% of cybersecurity budgets are authorized by the
board of directors and 32% by the CEO. The role and responsibilities of the
CISO must improve towards more transversality in the company.

5 steps to cyber resilience

Accenture highlights five steps to optimize companies’ defense and move towards the ultimate aim of cyber resilience, in a world that continues to shift towards new threat territories (artificial intelligence, omnipresence of the cloud, social networks, smartphones, internet of things), with more and more complex threats that are difficult to counter and a need that is becoming strategic: data protection.

Build a strong foundation by identifying high-value assets, in order to better protect them, including from internal risks. It is necessary to ensure that controls are implemented throughout the value chain of the company.

Test the IT security by training cybersecurity teams in the best hackers’ techniques. Role plays staging an attack team and a defense team with training coaches can bring out the points to improve.

Employ new technologies. For a company, it is recommended to invest in technologies able to automate cyber defense and in particular to use the new generation of identity management, which relies on multi-factor authentication and user behavior monitoring.

Be proactive and anticipate threats by developing a strategic team (“threat intelligence”) in charge of evolving an intelligent security operation center (SOC) relying on the mass collection and analysis of data (“data-driven approach”).

Evolve the role of the CISO (Chief Information Security Officer). The CISO is closer to the business lines, finds the right balance between security and risk taking, and communicates more and more with executive management, which now holds 59% of the security budget versus 33% a year ago.

Conclusion

The Accenture study highlights a real growing
awareness on cyber threats by companies, and the implementation of investment
to better protect themselves. The race is now launched to tend to cyber
resilience, between more and more organized attackers and more and more
sophisticated defense system. See you at the end of the year to make an
assessment of the forces involved.

Communication, governance and opening: what we can wish for 2019
https://blog.nameshield.com/blog/2019/01/10/communication-governance-and-opening-what-we-can-wish-for-2019/?utm_source=rss&utm_medium=rss&utm_campaign=communication-governance-and-opening-what-we-can-wish-for-2019
Thu, 10 Jan 2019 13:36:25 +0000

As 2019 begins, we make three wishes corresponding to an eventful year.

1. A better awareness of the Internet governance.

The main project at the time of
international relations, fake news and voluntary disconnection from the
Internet: the Internet governance should be at the table of the diplomats,
political decision makers and strategic decision makers. France, which shines
in the embassies’ world, should be able to take part in the digital decisions. The
appointment of Henri Verdier as Digital Ambassador is a good thing, hoping that
his knowledge in the private sector will be an absolute strength in his
projects for France. France should be interested in the functioning of ICANN,
the authority of world regulation of the IP addresses and the domain names.
ICANN is recently the subject of strong criticisms regarding potential insider
trading. The American desire to entirely privatize ICANN by suppressing its
links with NTIA needs everyone’s attention.

2. ICANN decided it: a new opening of the root will soon be done. What temporality? That is a mystery. In the meantime, and so as to prevent that the list of the abandoned extensions does not cease to develop, new uses of the new extensions, whether they are opened (.PARIS, .FOOTBALL, .ICU…) or closed (.MMA, .LECLERC, .BCG…) should be found. Today (and tomorrow) the brand protection through a TLD’s possession is a definite advantage in front of the large number of opened extensions. A TLD’s possession can also allow the opening of the scope of possibilities, like .BEST will announce at Namescon at the end of the month (surprise!).

3. The third and last wish, to anticipate the new uses of domain names. While the progress curve of the domain names’ volume increases less than previously, the focus should be on the issue of communication on the Internet. It appears as necessary to propose the registration of all possible domain names one can imagine. This is the consortium Unicode, an American entity which decides which character can be integrated in the IT standards. Let’s follow the evolution of the integration of the characters integrated in the Unicode to identify the future domain names trends. The internationalized domain names were a real positive evolution for web users around the world, myself the first concerned, having an accented first name.

Thus it’s very likely that emojis and other
special characters will become the stars of the upcoming extensions. Soon the ..

These three wishes are part of our work at this time.

For example, our participation in the updating of the
methods regarding intangible assets’ financial and extra-financial valuation of
the Thesaurus Capital Immatériel by
the “Institut de comptabilité de l’immatériel”
(Intangible accounting Institute), aims to answer to the need to acknowledge
the domain names’ value by financial managers.

Domain names are the first assets held by web
users. We are fully aware of the responsibility associated to their management,
and our recent developments in terms of operational excellence (ISO 27100) are the
new guarantors.

After the first changing of the cryptographic
key in last October, it is now, on January 11, that the old KSK key (Key
Signing Key) of the root zone will be deactivated.

The process initiated in October 2018 to improve the security of the root zone, with the deployment of the Key Signing Key-2017, finds its achievement with the revoking of the root of the old key KSK-2010.

As indicated by Paul Hoffman, ICANN’s Principal Technologist, “The ICANN organization does not expect problems with the revocation. However, this is the first time a KSK in the Domain Name System (DNS) root has been revoked, so the ICANN org and the DNS technical community will be watching carefully for at least 48 hours after the publication of the revoked KSK-2010.”

To note, during the rollover on October, the
negative impacts were extremely limited and it would seem that only two
Internet services providers were impacted by interruptions during the process.

Of course, ICANN encourages solutions providers to no longer ship KSK-2010 in their products. ICANN should later publish a white paper about the full rollover process, including the lessons learned from this operation. ICANN communities will then be able to open discussions regarding upcoming rollovers that could happen.

As a result of the violation of the anti-abuse policy, the .me registry decided to suspend the Incels.me website for an indefinite period. For reminder, the website possesses a forum that regroups members claiming to be single despite themselves, or “incels”, and who exchange on their daily lives through this mean.

Disturbing comments, the source of the suspension

It is not without surprise that the administrators of the incels.me website saw their forum become inaccessible. The investigations done by the registry have allowed to discover hate speeches, threats of rape and even murder in the comments exchanged between the participants. The decision to shut down the website was promptly made on October 15th, 2018, due to the content that violated the anti-abuse policy. According to the registry, this measure was taken to force the Incels.me administrators to take down the inappropriate contents and to prevent hate speech from appearing on the forum again.

Incels.me website associated to attacks?

Last April, Toronto was the scene of a bloody attack, where a man murdered 10 persons by a vehicle-ramming attack. Before attacking, the man posted a message on social networks, where he declared himself “incel”. This is only after the investigation that the police discovered that the murderer was inspired by some violent contents from the forum of Incels.me. The link is quickly made between the individual and the content inciting hatred, but also rape, exchanged on the forum.

Incels.me financed by a Chinese giant with suspicious activities

The inquiries into the website made it possible to trace its main financier. Thanks to these investigations, we now know that the incels.me website is financially supported by a large Chinese entity that also owns more than 54 000 other domain names. The investigators were shocked by the potentially illicit nature of the activities of this company, ZhuHai NaiSiNike Information Technology Co. Indeed, of the thousands of domain names registered, most are involved in hosting websites for the illegal sale of prescription drugs.

Despite requests to remove the abusive comments on the incels.me forum, the Chinese company did not remove them. The website will therefore remain suspended until the contentious content is removed.

In the context of the fight against insecurity on the web, DNS Belgium, the .BE registry, decided to intensify its action by cooperating with the FPS Economy [The FPS Economy, SMEs, Middle Classes and Energy is a Federal Public Service of Belgium which is responsible for contributing to the development, competitiveness and sustainability of the goods and services market in Belgium] in order to shut down fraudulent websites within 24 hours.

Philip Du Bois, general manager of DNS Belgium indicates: “This protocol will enable us to take even more targeted action, together with the FPS Economy, against possible abuses where .be domain names are involved. It underscores our ambition for a high quality and safe .be zone which serves as suitable environment for the further development of the Internet.”

The aim: to ensure consumers completely safe Internet browsing on .BE websites.

This procedure will ensure a much faster reaction. Until now, the FPS Economy could not ask the registry to block a domain name because of its content; moreover, fraudulent websites with correct identification data (or at least data whose forgery could not be proven) were untouchable. Blocking required a request from the Prosecution, i.e. a two-week procedure, which left plenty of time for the fraudulent website to cause significant damage to consumers. Several hundred such websites per year were concerned!

From December 1st, 2018, the protocol will allow the DNS Belgium registry, at the request of the FPS Economy, to block .BE domain names which:

Are used for fraudulent websites

Host phishing websites

Of course, this procedure will be applied in cases of serious crime.

The blocked domain name’s owner will have two weeks to react against the blocking. Without action on their part within 6 months, the blocked name will expire.

This still too rare initiative is to be welcomed in the context of the fierce fight against cybercrime!

The European Data Protection Regulation (GDPR) came into effect on 25th May and its impact on the management of your SSL certificates portfolio is not neutral.

Until now, Certification Authorities have always relied on the WHOIS record of the domain name to be certified in order to validate that the certificate applicant has the agreement of the domain name’s technical operator.

In order to validate an order, one of the authentication steps involved sending an email to one of the email addresses (admin or technical) found in the WHOIS record.

However, the GDPR has left its mark and registrars no longer have the right to provide a domain name owner’s personal data without the owner’s explicit consent. This means that Certification Authorities can no longer use the WHOIS database to send out validation emails.

Faced with this situation, the Certification Authorities propose sending domain validation emails to one of the following generic addresses by default:

What if none of these addresses exists, or they are too complicated to create?

There is an alternative solution. The Certification Authorities are able to validate that you have the domain name technical operator’s agreement through TXT record verification in the DNS zone of the domain name to be certified.

By verifying the presence of this TXT record, the Certification Authority is able to:

issue the certificate if it is a simple DV certificate (Domain validation)

continue to the next authentication steps if it is an OV (Organization Validation) or EV (Extended Validation) certificate.

Even with this in mind, the GDPR is changing the game and is having a significant impact on the SSL industry.
If the generic email validation method is not possible and the TXT record verification method has to be used instead, we will indeed see an increase in certificate processing times.

What are the benefits of using Nameshield to manage your SSL certificates portfolio?

As a Registrar, Nameshield offers a unique market advantage for its SSL clients.
Nameshield carries out a pre-authentication process before each order reaches the Certificate Authority. This makes it possible to anticipate any blocking factors and if necessary to act quickly to resolve them:

Modification of a WHOIS

Editing of the zone to set up a TXT record (if the DNS servers are Nameshield’s)

A high school student tries to change his grades thanks to phishing

Wed, 16 May 2018 12:37:58 +0000

Phishing is cybercriminals’ means of choice for hijacking users’ data: they pose as a trustworthy company and then encourage users to hand over personal information. We tend to think that this technique is reserved for hackers trying to steal banking or other very sensitive information, and yet!

Source : mohamed_hassan via Pixabay

An American student at Ygnacio Valley High School, in California, had a great time building an identical copy of the website on which his teachers log in to enter marks and comments. The student then emailed his teachers, asking them to log in to the fake school interface, which looked exactly the same as the original one. He was thus able to retrieve their login IDs and passwords, and used them to raise his own grades but also to lower his classmates’ grades.

Although its consequences were quite light, this data corruption attempt highlights how accessible this hacking method is. Today, phishing is one of the most popular methods and the easiest to implement. Web users, unaware and fooled by similarities, consequently provide personal, sometimes very sensitive data.

Webstresser.org, the source of millions of DDoS attacks, has been dismantled

Fri, 04 May 2018 13:01:59 +0000

Source : typographyimages via Pixabay

The good news has just arrived: Webstresser.org, one of the websites responsible for millions of DDoS attacks, has been dismantled. This shutdown was made possible by Europol’s active intervention.

As a reminder, a DDoS is a cyberattack. It works by saturating servers with queries so that the websites hosted on those servers are no longer available to web users.

Many countries working hand in hand to dismantle the network

According to the National Crime Agency’s research, Webstresser.org was used by hackers to launch almost 4 million attacks around the world. Its victims include many British banks.

To carry out this large-scale operation, five countries, Croatia, Scotland, Canada, the Netherlands and Serbia, combined their best police officers to lend a hand to Europol.

Although this is an operation of international concern, the German, Dutch and American authorities were in charge of closing the website permanently. Its operators can no longer access it, and a message left by the American Ministry of Defense serves as the home page.

Heavy penalties for the hackers

The shutdown of webstresser.org also led to a wave of arrests in many countries, such as Scotland, Croatia and Serbia. Under French law, a cyberattack is a criminal offence and the penalties are severe. If the attack targets individuals, the hacker or hackers can be sentenced to 5 years of imprisonment and a fine of 150 000 euros. If the attack affects the State or its institutions, the penalty can go up to 7 years of imprisonment and a fine of 300 000 euros.

Following this great haul, the Europol spokeswoman and operations coordinator, Claire Georges, announced that measures will be taken against all users of the website around the world and that arrests are to be expected.

Swaziland, the country that changes its name and its extension

Mon, 23 Apr 2018 10:21:56 +0000

Source : OpenClipart-Vectors via Pixabay

We have learned from the press that Swaziland will change its name at the will of its Monarch.

Indeed, this small southern African territory did not change its name after decolonization, fifty years ago. It will soon do so, adopting the name eSwatini, the country of the Swazi. While this information is mainly geopolitical, it will have an impact on the country’s abbreviation within the ISO 3166-1 alpha-2 standard, and its extension will then change; a situation similar to that of Kazakhstan, already discussed on this blog.

A new example which highlights the importance of a country’s stability when choosing an extension used for active communication.

In a recent article in this blog, we mentioned the arrival of Chrome 68 in July 2018 and the fact that HTTP will be considered “not secure” from then on. Well, this is not the only weapon that Google is planning to use to encourage large-scale adoption of encrypted websites.

You may not be aware, but Google has submitted a number of applications to ICANN as part of the new TLD program, and as a registry, they have secured the management of 45 top-level domains*. Just as the .bank and .insurance extensions have very strict security rules, Google has announced that they will apply HSTS implementation and pre-loading to their new TLDs, therefore making HTTPS implementation mandatory.

What is HSTS?

HTTP Strict Transport Security (HSTS) is a mechanism by which browsers automatically enforce HTTPS-secured connections instead of unsafe HTTP. For example, if the website http://www.nameshield.net is on the list, a browser will never make insecure connections to it: the request is always redirected to a URL that uses HTTPS, and the site is added to the browser’s list of sites that must always be accessed through HTTPS. From then on, the browser will always use HTTPS for this site, whether the user reaches it via a favorite, a link or simply by typing HTTP in the address bar; the user has nothing more to do.

HSTS was first adopted by Chrome 4 in 2009, and has since been integrated into all major browsers. The only flaw in the process is that browsers can still reach an unsafe HTTP URL the first time they connect to a site, opening a small window for attackers to intercept the connection and carry out attacks such as man-in-the-middle attacks, cookie hijacking or the POODLE SSLv3 attack, which was very much in the news in 2014.

A fully secured Top-Level Domain

HSTS pre-loading solves all this by pre-loading a list of HSTS domains into the browser itself, eliminating this threat. Even better, this pre-loading can be applied to entire TLDs, not just domains and subdomains, which means that it becomes automatic for anyone who registers a domain name ending in that TLD.

Adding an entire TLD to the HSTS pre-load list is also more efficient because it secures all domains under this TLD without having to include each domain individually. Since HSTS pre-load lists can take months to update in browsers, TLD-level setup has the added benefit of making HSTS instant for newer websites that use these TLDs.
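The behaviour described in the two sections above can be modelled in a few lines. This is an added example, not code from Google or from any browser: `HstsStore` and its method names are hypothetical, the host names are constructed, and every pre-loaded entry is assumed to cover its subdomains.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


def parse_sts_header(value):
    """Return (max_age, include_subdomains), or None if max-age is missing or invalid."""
    max_age = None
    include_subdomains = False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not (arg.isascii() and arg.isdigit()):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
    return None if max_age is None else (max_age, include_subdomains)


@dataclass
class HstsStore:
    """Hypothetical model of the two HSTS sources a browser consults."""
    # Entries shipped inside the browser; a bare TLD such as "app" covers every name under it.
    preloaded: set = field(default_factory=set)
    # Entries learned from response headers: host -> (expiry time, include_subdomains).
    dynamic: dict = field(default_factory=dict)

    def note_response(self, url, sts_value, now):
        """Record a Strict-Transport-Security header; it only counts over HTTPS."""
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            return False
        parsed = parse_sts_header(sts_value)
        if parsed is None:
            return False
        max_age, include_subdomains = parsed
        if max_age == 0:
            self.dynamic.pop(parts.hostname, None)  # max-age=0 removes the entry
        else:
            self.dynamic[parts.hostname] = (now + max_age, include_subdomains)
        return True

    def must_upgrade(self, host, now):
        """Check the host, then each parent domain up to the TLD."""
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.preloaded:
                return True
            expiry, include_subdomains = self.dynamic.get(candidate, (0, False))
            # A parent's dynamic entry only applies if it set includeSubDomains.
            if expiry > now and (i == 0 or include_subdomains):
                return True
        return False

    def resolve(self, url, now):
        """Return the URL the browser would actually request."""
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname and self.must_upgrade(parts.hostname, now):
            return parts._replace(scheme="https").geturl()
        return url


if __name__ == "__main__":
    store = HstsStore(preloaded={"app"})  # whole-TLD pre-load entry
    # Constructed host under a pre-loaded TLD: upgraded on the very first visit.
    print(store.resolve("http://shop.example.app/cart", now=0))
    # Not pre-loaded and never visited: the first request still goes out over HTTP.
    print(store.resolve("http://www.example.com/", now=0))
    store.note_response("https://www.example.com/", "max-age=31536000; includeSubDomains", now=0)
    print(store.resolve("http://www.example.com/", now=10))
```

The second `resolve` call is the first-visit window the article mentions; the first call shows why a TLD-level pre-load entry closes it for every name registered under that TLD.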

HTTPS deployment will be obligatory for .app and .dev extensions

Google is therefore planning to make HSTS mandatory for its 45 TLDs in the coming months. What does that mean? Millions of new sites registered under each TLD will now be HTTPS (and domain owners will need to configure their websites to switch to HTTPS or they will not work). In order to use a .dev, .app, .ads, .here, .meme, .ing, .rsvp, .fly … domain name, you will need to acquire an SSL certificate and deploy HTTPS.

Our team is at your disposal for any questions related to TLDs, domain names or SSL certificates.

“Win an airline ticket with a value of 500€” or other online scam attempts

Wed, 07 Mar 2018 15:01:40 +0000

Recently, many fraud campaigns have been going around, offering free Nike shoes here and IKEA vouchers of 500€ there. The latest case is a fraudulent e-mail campaign announcing the winning of airline tickets worth 500€, graciously offered to the winners of a supposed contest run by the airline Air France. This scam circulated around France and was shared on social networks, by e-mail and even relayed on WhatsApp.

A misleading typography: typosquatting

If we look at the e-mail in question, the link www.airfrạnce.com inserted in the message seemed to correspond to the official website address of Air France. Except for one little detail… The “a” of France is not the “a” of the Latin alphabet but the “ạ” of the Vietnamese alphabet. Only a single dot apart! This is a striking case of typosquatting, a practice that misleads web users by replacing, adding or deleting a letter in a domain name containing a famous brand. Without enough vigilance, web users who think they are on a trusted website could click on the link and find themselves redirected to a page entirely unrelated to the brand’s official website. On this page, there is a form to fill in with their precious personal data in order to have a chance to win free tickets, in this case. A confirmed scam.

The aim of these phishing and fraud campaigns is to collect as much personal information as possible. In other words, the identity thieves behind this kind of online attack seek to obtain the e-mail address, phone number and any other interesting data of the tricked Internet user.

It was after the Zataz website raised the alert that Air France confirmed that it was indeed a fraud. It also encouraged web users to disregard this kind of message. It is also important to note that the official website of the airline is secured and authenticated by an SSL certificate, with browsers displaying https://www.airfrance.fr

What to do when faced with these attacks and how to prevent them

The first reaction to adopt is wariness on the user’s side. The more attractive the offer and the benefit, the more cautious you should be. Don’t communicate your personal data via a form or by return e-mail without first checking the request’s authenticity.

Always check the final URL of the page to which you are redirected, and pay attention to the typography. Generally, only the information on the website itself is official. The presence of an SSL certificate and the display of the owner’s details are also good indicators.

On the brand owners’ side, a naming and defensive registration strategy makes it possible to best protect users. Implementing efficient monitoring also makes it possible to detect phishing attempts as early as possible and to take action to stop them.
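One check such monitoring can run on a host name seen in a message or a log is to fold each non-ASCII label back to plain letters and compare it with the protected brand, which catches the dotted “ạ” described above. This is an added example, not Nameshield’s tooling; the function names are hypothetical and the cross-script table is a constructed, deliberately tiny subset that also covers a few Cyrillic lookalikes, going slightly beyond the case in the article.

```python
import unicodedata

# Constructed, deliberately tiny subset of cross-script lookalikes (Cyrillic -> Latin).
# A production check would use the full Unicode confusables data (UTS #39).
CROSS_SCRIPT = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0456": "i",
}


def skeleton(label):
    """Fold a label to base letters so it can be compared with a brand name."""
    out = []
    for ch in unicodedata.normalize("NFKD", label.lower()):
        if unicodedata.combining(ch):
            continue  # drops marks such as U+0323 COMBINING DOT BELOW
        out.append(CROSS_SCRIPT.get(ch, ch))
    return "".join(out)


def a_label(label):
    """ASCII ("xn--") form of a label as it appears in DNS, or None if not encodable."""
    try:
        return label.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def check_hostname(hostname, brands):
    """Report labels that contain non-ASCII characters yet fold to a protected brand."""
    wanted = sorted({b.lower() for b in brands})
    findings = []
    normalized = unicodedata.normalize("NFC", hostname).lower().rstrip(".")
    for label in normalized.split("."):
        if not label or label.isascii():
            continue  # a pure-ASCII label cannot be a homoglyph of itself
        folded = skeleton(label)
        matches = [b for b in wanted if b in folded]
        if matches:
            findings.append({
                "label": label,
                "a_label": a_label(label),
                "brands": matches,
                "odd_chars": [
                    f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"
                    for ch in label if ord(ch) > 127
                ],
            })
    return findings


if __name__ == "__main__":
    # The lookalike from the article, written with an escape so the dot is unambiguous.
    for finding in check_hostname("www.airfr\u1ea1nce.com", ["airfrance"]):
        print(finding)
    # The genuine spelling produces no finding.
    print(check_hostname("www.airfrance.com", ["airfrance"]))
```

The `a_label` value is worth logging alongside the finding, because the `xn--` form is what appears in DNS queries, certificates and WHOIS records.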

A fine website branded Disneyland Paris asks us whether we have already visited the park. Then, in step 2, whether we liked it.

In step 3, you have to share and like the publication, which opens the door of our precious Facebook data to this website:

A myriad of fake comments below this screen make us dream of these famous 4 free tickets, instead of paying 56€ for each ticket.

Once step 3 is done, we fall back to earth: there is a random draw. And these tickets, we will probably never have them.

Actually, we will never have them.

But why? Explanation:

The website in question:

So we have every reason to believe that we are on a Disney website.

Except that we will now see how to read and understand an FQDN (fully qualified domain name) Internet address.

This figure from a Wikipedia article on the FQDN helps us begin to understand:

If we want to read the address in the right order (from top to bottom on the figure), we have to read it from right to left, bearing in mind that each part of the domain name is separated by a dot and only a dot. In Wikipedia’s case:

Extension: org -> this is an organization

Root website: Wikipedia -> this organization is called Wikipedia.

Subdomain: ru -> we are in the Russian part of the Wikipedia’s website.

Thus, in this case, we should read the address this way:

Extension:
So we are on a website dedicated to games.

Root website:
We are on Com-Tombola’s website.

Subdomain:
We are in the part of Com-Tombola’s website dedicated to Disneylandparis.

A well-informed eye will easily detect that com-tombola, if this company really exists under this name, will probably not distribute free tickets for Disneyland Paris. This is a case study in typosquatting, relayed by social networks. Anyone can easily fall into the trap, so be more vigilant!

Another interesting indicator for detecting this kind of scam: the absence of an SSL certificate, which encrypts your data. Easily identifiable, an SSL certificate displays a green lock in browsers, along with the https:// protocol instead of plain http://.

Here are the examples:
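The right-to-left reading above can be automated to flag host names where a brand sits only in the subdomain. This is an added example, not code from the original article: the function names are hypothetical, the scam host name is constructed on the reserved `.example` extension because the real one is not reproduced on this page, and multi-label extensions are handled with a small caller-supplied set instead of the full Public Suffix List.

```python
# Constructed list of endings that scam names imitate with a hyphen ("com-...").
IMITATED_ENDINGS = {"com", "net", "org", "fr"}


def split_fqdn(fqdn, multi_label_suffixes=frozenset()):
    """Read a host name from right to left: extension, root domain, subdomain."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a multi-label host name: {fqdn!r}")
    suffix_len = 1
    # Prefer the longest known multi-label extension (e.g. "co.uk"),
    # always leaving at least one label for the root domain.
    for n in range(len(labels) - 1, 1, -1):
        if ".".join(labels[-n:]) in multi_label_suffixes:
            suffix_len = n
            break
    extension = ".".join(labels[-suffix_len:])
    domain = labels[-suffix_len - 1]
    subdomain = ".".join(labels[:-suffix_len - 1])
    return {
        "extension": extension,
        "domain": domain,
        "registrable": f"{domain}.{extension}",
        "subdomain": subdomain,
    }


def _squash(text):
    """Ignore dots and hyphens when looking for a brand inside a name."""
    return text.lower().replace("-", "").replace(".", "")


def misplaced_brands(fqdn, brands, multi_label_suffixes=frozenset()):
    """Brands that appear in the subdomain but not in the root domain."""
    parts = split_fqdn(fqdn, multi_label_suffixes)
    in_sub = _squash(parts["subdomain"])
    in_domain = _squash(parts["domain"])
    return [b for b in brands if _squash(b) in in_sub and _squash(b) not in in_domain]


def embedded_tld_trick(fqdn, multi_label_suffixes=frozenset()):
    """True when the root domain starts with a fake ending such as "com-"."""
    parts = split_fqdn(fqdn, multi_label_suffixes)
    first_piece = parts["domain"].split("-")[0]
    return bool(parts["subdomain"]) and "-" in parts["domain"] and first_piece in IMITATED_ENDINGS


if __name__ == "__main__":
    # The Wikipedia address from the figure discussed above.
    print(split_fqdn("ru.wikipedia.org"))
    # Constructed stand-in for the scam address (real extension not reproduced here).
    scam = "disneylandparis.com-tombola.example"
    print(split_fqdn(scam))
    print(misplaced_brands(scam, ["disneylandparis"]))
    print(embedded_tld_trick(scam))
```

The registrable domain is the part that identifies who controls the site; whoever owns it can create any subdomain, including one named after someone else’s brand.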

Pirate website:

Equipped websites:

In case of any doubt, Nameshield’s teams are at your disposal to enlighten you.

Slamming is a fraud that aims to deceive companies by selling them, by email, unsolicited services for domain names.

These slamming attempts are easily recognizable and, in some cases, play on their contacts’ lack of knowledge. The slammers offer, at high prices, services that you did not request from your official registrar (registration, whois update, owner or registrar transfer…). These emails cause anxiety and push you to make a quick decision.

For example, a standard slamming email would urge you to register domain names urgently because a third party has supposedly submitted a registration request for domain names that use exactly your company name or your lead product (as if by chance). They recommend that you register them without delay to prevent any cybersquatting. Obviously, the “fake registrar”, in its great magnanimity, has put the domain name registration order on hold for the good of the company…

Warning: the slammer uses visual references and the right technical vocabulary, thereby misleading the company. They may also refer to, or display the logo of, registries or other players in the Internet environment in order to give credibility to their message.

What to do if you have any doubts?

Forward your emails to Nameshield, which will confirm whether these emails are fraudulent.

We recommend centralized management of your domain names, handled by a person who is informed about the operations associated with domain names. Don’t make any decision in a hurry. You can also run a whois query to verify the sender’s identity and the existence of the “registrar” company. You will then notice that most of the domain names used for slamming campaigns were registered recently and that the companies holding the names are unrelated to registrar activity.

Be careful: your domain names are intangible assets to protect, secure and value.

Nameshield assists you on a daily basis in the management of your domain name portfolio, the protection of your digital brands and risk management on the web.

It was during the opening ceremony of the PyeongChang Winter Olympic Games that a cyberattack targeted the host’s IT infrastructure.

Around 45 minutes before the start of the event, the servers and Wi-Fi network were hit by an attack, which fortunately did not affect the ceremony. However, in the Olympic Village, the press zone was deprived of Internet connection and television. Furthermore, the official website of the PyeongChang 2018 Olympic Games was unreachable for hours, preventing web users from printing their tickets to access the event. 12 hours were needed to completely restore the services.

The IOC did not wish to communicate on the origin of this attack, but PyeongChang 2018’s spokesperson points out that “there was a cyberattack, the server has been updated yesterday (Sunday February 11), and we know the cause of the problem. We know what happened, this is a usual thing during Olympic Games. We will not reveal the source.” The IOC’s communication director assured: “We refuse for now to reveal the details of our investigation, but we will do it.”

A cyberattack with a destructive aim

Two researchers from the Talos Security company nevertheless analyzed the attack and observed that the purpose was not to retrieve sensitive or personal data held on the organization’s server, but clearly to interfere with the running of the Games.

Analysis of the virus samples highlighted its main purpose: destruction. Concretely, the effects of this cyberattack were to delete calendar events and documents and, above all, to make the affected machine inoperable.

PyeongChang Games, victims once again

Global in scale and offering cybercriminals prime visibility, the PyeongChang Olympic Games had already suffered a cyberattack before this one. At the end of December 2017, the infrastructure was hit by an attack consisting mainly of emails sent to the event organizers. According to McAfee, those emails contained Word files infected with a virus.

Russia, North Korea: the different leads considered

The potential perpetrators of the attack could be Russia, whose delegation was excluded from the Games for doping reasons: before the Games, McAfee stated that it had information indicating that hackers located in Russia had planned attacks in retaliation.

A possible North Korean involvement was also mentioned, despite the rapprochement that viewers could observe during the opening ceremony.

An attack that shows, once again, the vulnerability of IT infrastructures despite the means implemented.

FIC 2018: Nameshield’s DNS Premium solution labelled France Cybersecurity

Fri, 26 Jan 2018 11:23:59 +0000

On 23 and 24 January, the 10th edition of the International Cybersecurity Forum (FIC) took place in Lille. With 7000 participants, 240 partners and 60 nationalities represented, it is a major event in cybersecurity and digital confidence, gathering all the players in France and in Europe.

On this occasion, and for its first participation as a partner, Nameshield was given the France Cybersecurity label for its DNS Premium solution.

France Cybersecurity Label given by Mounir Mahjoubi, Secretary of State for Digital

Nameshield’s labelled DNS Premium solution

The DNS is a well-known attack vector: DDoS, spoofing, man-in-the-middle. The attacks are varied and sophisticated. Given the magnitude of these threats, maintaining one’s own DNS infrastructure is complex.

This solution, labelled France Cybersecurity, thus allows its users to protect their digital assets from any attack and ensures high availability of their Internet services.

What is the France Cybersecurity label?

The France Cybersecurity label is the guarantee for users that Nameshield’s products and services are French and have clear and well-defined functionalities, with a certain level of quality in terms of cybersecurity, verified by an independent jury.

The France Cybersecurity Label meets several needs and objectives:

Raise awareness among users and international ordering parties regarding the importance of the French origin of a Cybersecurity offer and its intrinsic qualities

Certify to users and ordering parties the quality and functionalities of labelled products and services

Promote French cybersecurity solutions and increase their international visibility

Increase their overall use and the users’ security level

This label is governed by a committee composed of representatives grouped into 3 colleges:

College of officials: representatives from the Direction générale de l’armement (DGA, the French Government Defense procurement and technology agency), the Direction générale des entreprises (DGE, the French Directorate General for Enterprise within the Ministry of Economy, Industry and Digital), and the Agence nationale de la sécurité des systèmes d’information (ANSSI, the French National Cybersecurity Agency).

College of users: representatives from groups of users, such as: CIGREF, GITSIS, CESIN, CLUSIF ISSM space.

College of industrials: representatives from the “Alliance pour la Confiance Numérique” (ACN – Alliance for digital confidence) and HEXATRUST.

Nameshield, certified ISO 27001 for all its registrar activity, was able to provide all the guarantees necessary to obtain the France Cybersecurity Label for its domain name security offer, DNS Premium. As highlighted by Gérard Gourjon, Nameshield’s Deputy Director-General: “Obtaining the France Cybersecurity Label illustrates our engagement to provide the best services and standards regarding cybersecurity to our customers. At Nameshield, we are proud to see our highly efficient and highly secured DNS infrastructure being labelled.”

The CAB Forum, the organization which defines the rules for issuing and managing SSL certificates, approved the reduction of SSL certificate validity to 2 years, compared with 3 previously. Initiated by the browsers, led by Chrome and Mozilla, this decision moves towards an ever more secure Internet by forcing players to renew their security keys more often and to stay on the latest standards of the market.

This decision will apply to all Certification Authorities from March 1st 2018. In order to ensure a smooth transition, from February 1st 2018 Nameshield will no longer offer certificates with a 3-year duration.

What impact for your certificates?

New certificates will thus have a maximum duration of 825 days (2 years and 3 months, to cover the possibility of 90 days’ early renewal). EV certificates were already subject to this limit, so the certificates concerned are DV and OV certificates in all their forms (standard, multi-site or wildcard). There is nothing else in particular to note for these certificates.

For existing certificates, this new duration will have a consequence, since it will apply to all certificates from March 1st. A recently issued 3-year certificate that needs to be replaced beyond the 825-day deadline will then have to be authenticated again. It is important to know this in order to avoid urgent reissues, including for simply adding a SAN. You have to check beforehand whether the certificate to be replaced may be impacted; this is the case for DV and OV certificates, and EV certificates are again not concerned.

Nameshield’s SSL team will inform you about the certificates concerned.

Artificial intelligence has released its first solo album, with 15 tracks and a name that alludes to IT developers: Hello World. Good or bad news for artists?

First album composed with artificial intelligence

The field of artificial intelligence is moving ahead quickly, very quickly. In January 2018, Microsoft’s and Alibaba’s artificial intelligence models surpassed humans at Stanford University’s reading and comprehension tests. Google can perfectly imitate the human voice. AlphaGo Zero (an artificial intelligence model for the game of Go) has been learning solely from its own algorithm since October 2017 and no longer relies on human players.

Recently, through the SKYGGE project, François Pachet (artificial intelligence researcher at Spotify and Flow Records’ director) and Benoît Carré (author and member of the Liliclub group) introduced artificial intelligence into the artistic sphere and proposed an album produced with the Flow Machines technology, which makes it possible to compose music with artificial intelligence.

Some projects have shown the way but remain experimental and are hardly melodious (Pierre Barbaud or Google Magenta Music for example). “Hello World” brings change insofar as the songs composed through Flow Machines are intended to be closer to songs composed by humans and don’t sound odd at all within a playlist. Without being told, it is difficult to guess by ear that a song was composed through artificial intelligence.

How does it work?

Flow Machines technology is based above all, on a huge, rich and varied song library, which it analyzes.

After having absorbed all these scores, Flow Machines will be able to generate music styles. The user’s songs selection allows the software to analyze the style and find harmonic repetitions and then to create songs by applying a probability model (Markov Chain).

You only need to combine an artist’s songs so that the technology produces new songs in the artist’s style.

In this video, we can see how the software works:

Source : Amelie Charnay’s YouTube channel

However, can this technology replace the artist?

Today, a program can create music by itself. Should artists be worried?

Actually, Flow Machines needs the artist to function. The artist remains at the heart of the composition, which is why many artists participated in this album’s composition, among them Stromae, Kiesza and Pirouette.

What is its role in the album? François Pachet indicates that this album contains both lyrics generated by the software and lyrics written by songwriters, voices and instruments created by the software, but also studio recordings.

Video clip of the song from Stromae/Kiesza composed with Flow Machines:

Source : SKYGGE MUSIC’s YouTube channel

It seems that the Flow machines technology doesn’t intend to create music autonomously. The artist is implicated at each stage of the creation. The artificial intelligence proposes a melody to the artist, then the artist adjusts the melody to their expectations, the artificial intelligence then reworks the melody and so on. Therefore, the style of the artists who have collaborated is present on this album, while proposing something different.

This technology actually stimulates the artist’s creativity, it doesn’t replace it, at least for now… But even if artificial intelligences could one day compose with total autonomy, would the artists stop to compose? Do the Go gamers stop to play since AlphaGo Zero is stronger than them?

A victim of phishing from 2015, asked her bank for a refund of 3300€, which was the amount diverted by a fraud author. However, during the legal procedure, the Justice has cancelled the judgement of the local court of October 2017, which has requested to the bank of the victim to refund the corresponding amounts of the phishing operation.

The reason of this cancellation? The victim has deliberately communicated some confidential data regarding her credit card, by falling into the trap of a phishing email (the scammer has posed as the telephone operator of the victim).

This cancellation argument argues that indeed, the mail didn’t have any recipient nor sender name and that the reject or unpaid mention was inexact. Also the victim could have prevented the trap set and not communicate her banking information. Therefore, it was her responsibility, which indeed cancels the request for the stolen money refund by the bank.

The majority of phishing websites use domain names associated with or referring to an existing activity, with the aim of deceiving users by inviting them to click on the links of legitimate websites. This increases the attackers' likelihood of success.

While it is true that the fraudulent online payment was directly caused by the victim's negligence, she disclosed neither her credit card's confidential code nor the 6-digit 3D Secure code that was sent to her by SMS to validate the payment. The victim blocked her credit card the same day, after receiving two 3D Secure messages.

However, in this case, the bank states that it regularly raises awareness among its customers and communicates with them to alert them to phishing risks and warn them never to disclose their confidential banking data.

Thus, the Court of Cassation ruled that the victim acted carelessly and could have avoided falling into the fraudster's trap.

Cyber threats rely heavily on web users' bad practices, as the SANS Institute confirms. The threats most frequently encountered in companies are phishing (72% of respondents), spyware (50%) and ransomware (49%).

According to the American company Webroot, about 1,385,000 unique phishing websites are created each month, with an impressive peak of 2.3 million in May 2017.

Be aware that these phishing websites stay active for a very short period, between 4 and 8 hours at most, to avoid being tracked or blacklisted.

This case is a reminder that vigilance is more crucial than ever!

Recently, some Amazon users were the victims of a rather sophisticated phishing attack.

They received a fake e-mail from Amazon, alerting them that someone had attempted to connect to their account by trying to change their password. A six-digit code was provided, with the instruction to call a number to verify the user's identity. If the web users were not the source of these actions, they were invited to follow a specific procedure to secure their account. When they called the supposed Amazon number, they were directed to a customer service department located abroad. During the call, they had to go to a website and communicate the code to ensure the security of the account.

The copy of the phishing message:

Fortunately, many web users detected this phishing attack and didn't fall into the trap. But what about the others: were they victims of malware or data theft?

All web users are targeted by these phishing attempts. They are part of our daily lives, but many brands raise awareness among their customers about these practices (mostly in the banking industry, which is the favourite target of hackers).

To be continued.

The blockchain at the service of domain names

https://blog.nameshield.com/blog/2017/12/04/blockchain-service-domain-names/

Mon, 04 Dec 2017 10:52:04 +0000

Photo's author: Ethereum – Source: https://www.ethereum.org/assets

The case of Ethereum foundation and the «.ETH » extension.

Ethereum is a foundation created in 2015 by Vitalik Buterin, a 21-year-old Canadian. The foundation aims to promote the Ethereum blockchain technology created by this young computer engineer, which offers, in addition to a virtual currency like the Bitcoin blockchain, the possibility to create applications ensuring the traceability, inviolability and durability of the transactions they manage. To give as many people as possible access to these applications, the Ethereum foundation recently presented the ENS, for «Ethereum Name Service», and its corollary, the «.ETH» extension.

If we take the example of the Bitcoin blockchain, the purpose was to create a virtual currency. Its major interest lies in the absence of any central regulatory body, since it is controlled and managed by the community members in a fully decentralized way. Any transaction made on the blockchain is recorded in a block, published on a registry shared between the members. Recording transactions in a block is carried out by «miners», who check, register and secure the transactions in the blockchain. This database hence lists all the transactions in blocks, creating a chain of blocks that is supposed to be immutable and inviolable, thanks to the use of electronic signatures, and that is replicated across the network, since it is decentralized.

The Ethereum blockchain also has its own currency, namely Ether. But unlike Bitcoin, Ethereum didn't create a virtual currency but extended the use of the blockchain to other applications: the «smart contracts». Ether should therefore be considered not as a currency but rather as a consumable that allows users to exchange on the blockchain and use the applications it hosts.

The « smart contracts » concept

Ethereum proposes many possibilities of decentralized applications usable on its blockchain. These smart contracts are defined by the Blockchain France website as being « autonomous programs, which once started, automatically execute predefined conditions. They operate as any conditional instruction of « if – then » type (if such condition is verified, then such consequence is executed) ».

Concretely, this is a decentralized application, written in the Ethereum programming language (Solidity), which automatically executes predefined instructions once the required conditions are met, without the assistance of a third party, while ensuring that no modification is possible. These programs are executed on the Ethereum blockchain and are controlled and certified by its members.

The promise is thus to remove intermediaries through total decentralization, managed by process automation.

For example, among the possible applications, the Ethereum foundation announced on May 4th 2017 the creation of the Ethereum Name Service, which allows domain names to be registered under the «.ETH» extension.

Names’ registration in «.ETH »

The Ethereum Name Service, or ENS, is the counterpart of the Internet DNS managed by ICANN, but unlike the latter, ENS is not based on root servers but on the multitude of servers and machines that are members of the Ethereum blockchain.

This is not a new registry having created another extension, but rather an alternative notion of the Internet.

Indeed, ENS is attached neither to the global DNS, nor to the IANA organization, nor to ICANN. ENS is a naming system specific to the Ethereum blockchain.

Registering a domain name in «.ETH» works differently from classic domain name registration. It is a bidding system based on the anonymous deposit of a number of Ethers. In short, a name request opens a 72-hour period during which other people can bid. A second period of 48 hours then opens, during which each bidder must disclose their bid. The highest bidder wins the name registration and is refunded their bid, minus the value corresponding to the difference between the two best bids. These funds are kept in a contract for a minimum of 1 year and can be withdrawn at the end of this period, provided the name is released. If the name receives only one bid, the winner is refunded the Ethers invested, except for 0.01 Ether, which corresponds to the minimum bid. According to the ENS developers, this system should prevent speculation on domain name registration.

The system therefore doesn't need an authority like ICANN, since the allocation of names is automated by a program distributed and secured on the blockchain.

Nevertheless, if you type a «.ETH» domain name in the search field of a browser such as Google Chrome or Mozilla Firefox, an error page is displayed. Names registered in «.ETH» are not recognized by these browsers: since they are not part of the DNS network, they are not recognized as domain names. Google Chrome extensions are available to create a bridge between the «Ethereum web» and the Internet that we know.

Hence, essentially, names currently registered in «.ETH » are only usable on the Ethereum blockchain, and therefore don’t affect the general public.

Lastly, the primary use of ENS is, like the DNS, to let the user read and remember an address more easily by giving it a meaning. The DNS translates an IP address into a legible address via the domain name.

For example, when a user wishes to send Ether to another user, they only need to know the recipient's domain name and no longer their user address. These domain names have a fairly limited use, but may later be used to access future Ethereum applications.

The risks of the «.ETH » for brands owners

Since current web browsers do not support these extensions to this day, it seems that brand owners have no need to worry.

However, many French and international brands are being «cybersquatted»: Ethereum users have won bids on brand names like «samsung.eth» or «volkswagen.eth». They take ownership of the name for one year.

At the end of this first year of registration, the owners may release these names to retrieve the stock of Ether associated with the name.

Risks cannot be ruled out in the near future if «.ETH» names become more common and offer interesting uses for the general public. Under this hypothesis, current web browsers could natively integrate «.ETH», in the same way as «.COM» or «.XYZ».

The owners of «.ETH» names that reproduce registered trademarks, for example, may then seek to benefit from this registration by using the reputation or identity of these protected brands to divert traffic to their own products or services. They may also be competitors seeking to tarnish a rival's brand image.

In the ICANN system, the rules in place, in particular the UDRP procedures, address these risks after the fact by allowing brand owners to try to recover a domain name that unjustly uses their brand. The binding nature of these rules, accepted and respected by registrars, facilitates the enforcement of the decisions of Arbitration Center experts, and thus the transfer of a domain name to its rightful owner.

In the ENS system, there is no central authority that could enact such rules. Furthermore, domain names in «.ETH» have no real Whois record. To register such a domain name, one needs to hold Ethers and to create a wallet. The owner's identity is concealed behind a sequence of characters, i.e. the fingerprint of a cryptographic key. It therefore seems difficult to know the real identity of a «.ETH» owner.

Furthermore, unlike in the current system, it seems difficult to establish territorial jurisdiction for «.ETH». The blockchain is not linked to any territory; it is distributed across all its members' machines, and thus all around the world.

The solution could eventually be developed by the Ethereum users themselves. It cannot be ruled out that an application will be created to check the legitimacy of a domain name owner on the basis of criteria defined in a program, such as the risk of confusion with a preexisting brand and good faith in the use made of the name. Setting up a «popular jury» with voting mechanisms would allow the issue to be decided following a complaint from another member.

Disastrous consequences of a domain name non-renewal

https://blog.nameshield.com/blog/2017/11/15/disastrous-consequences-domain-name-non-renewal/

Wed, 15 Nov 2017 16:44:12 +0000

Source of the image: SEO Link Building

The American telecommunication company Sorenson Communication forgot to renew a domain name, for only a few days, in June 2016. The decision came down at the end of September 2017: Sorenson Communication has to pay a fine of 3 million dollars. Why such a high amount?

The domain name that fell back into the public domain was carrying a critical service for some users! It was the “Video Relay System” that telecommunication companies must provide to deaf people and people with speech disabilities, so they can make video calls and contact the 911 emergency number in the USA using sign language. Utah residents with these disabilities were unable to reach 911 for 3 days!

Sorenson Communication realized its omission rather late and only renewed the domain name 3 days later.

But this kind of omission can easily be prevented with the “automatic renewal” option for your whole domain name portfolio. Your critical domain names, which carry services, websites and/or mailboxes, will then not be interrupted by a simple renewal omission.

Of the $3 million fine, $252,000 is paid to the Federal Communications Commission and $2.7 million to the “Telecommunications Relay Services Fund” company, which found a temporary solution to rent its bandwidth during these 3 sensitive days.

The continuation of the Equifax case or how the controls implemented in the context of an ISMS (ISO 27001) can help to prevent security incidents?

https://blog.nameshield.com/blog/2017/11/15/continuation-equifax-case-controls-implemented-context-isms-iso-27001-can-help-prevent-security-incidents/

Wed, 15 Nov 2017 15:48:46 +0000

On October 3rd, 2017, Equifax's former CEO, Rick Smith, had to explain to the American Congress how the private data of almost one out of two Americans could be hacked.

March 9th, 2017: An Apache Struts flaw is detected. Less than a week later, the security patch is validated and scheduled, but it is not applied on all the servers.

March 15th, 2017: a scan is carried out but no vulnerability is detected.

April 2017: Hackers take advantage of this breach (the security patch that was not applied on all the servers) and steal the precious data.

July 31st, 2017: The ex CEO is informed of the information theft.

September 8th, 2017: Official communication on the hacking.

How can the ISO 27001 certification and the establishment of an associated ISMS (Information Security Management System) help to prevent this kind of incident?

The ISO 27001 standard is the reference for the validation and continual improvement of an ISMS. It relies on 114 control points that cover all the domains involved in establishing an ISMS, including the implementation of procedures and platform update processes.

That includes the implementation and regular review of the risk management process that aims to ensure data security. The main purpose of this management system is to carry out the appropriate measures to reduce, or even eliminate, the impact of threats on users or customers.

The ISMS is a wheel of continual improvement and, in the case of Equifax, the control processes established and tracked with an ISMS could eventually have helped to prevent this kind of incident.

This case demonstrates once again the need to rethink the security strategy within companies and to implement the protocols necessary to ensure that possible security flaws are discovered and the corrective action is applied.

The CAA becomes mandatory in the small SSL's world

https://blog.nameshield.com/blog/2017/11/15/caa-becomes-mandatory-small-ssls-world/

Wed, 15 Nov 2017 13:48:05 +0000

Or how to benefit from it to implement a certification strategy specific to your company?

In January 2013, a new type of DNS Resource Record appeared to improve the chain of control over the issuance of SSL certificates. This record, called CAA for Certificate Authority Authorization, specifies for a given domain name which Certification Authorities are authorized to issue certificates.

It's an extremely interesting creation, in particular for big companies and groups whose technical teams are scattered around the world and for which it's often difficult to enforce a global certification strategy. It's not unusual for companies to accidentally discover the existence of certificates requested by teams unaware of the processes or by external consultants, issued by Certification Authorities with a bad image, or with a low level of authentication (DV). Setting CAA records on your domain names is a good way to control what the teams are doing, and the news from the SSL world will help you do that.

Indeed, although CAA was specified in RFC 6844 in 2013, it was not mandatory until now for a Certification Authority to check whether or not it was authorized to issue a certificate for a given domain name, hence a certain uselessness of the record and a very low adoption.

September 8th, 2017 – The CAA checking becomes mandatory

We had to wait until March 2017 and a positive vote of the CA/Browser Forum (ballot 187) for this verification to become mandatory. Since 8 September, Certification Authorities have a duty to perform this verification, at the risk of sanctions from the CA/Browser Forum and browsers; the recent news regarding Google and Symantec has shown how little that is in their interest.

Three scenarios occur during this verification on a given domain name:

A CAA record is set and indicates the Certification Authority's name: this one can issue the certificate.

A CAA record is set and indicates a different Certification Authority's name: this one CANNOT issue the certificate.

No CAA record is set: any Certification Authority can issue an SSL certificate.

It's important to note that several CAA records can be declared for a given domain name. A simple tool (among many others) to test your domain name is available online: https://caatest.co.uk/
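The three scenarios above can be expressed as a small decision function. The following Python sketch is an added example, not Nameshield's or any Certification Authority's code: the zone data, the CA names (`ca-one.example`, `ca-two.example`) and the function names are constructed for illustration, and it goes slightly beyond the three cases by also handling lookup at parent domains, wildcard (`issuewild`) rules and the critical flag.

```python
# Added example: decide whether a CA may issue for a name, from CAA records.
# ZONE is constructed sample data, not real DNS content.
from dataclasses import dataclass

@dataclass(frozen=True)
class CAA:
    flags: int      # 128 = issuer-critical bit
    tag: str        # "issue", "issuewild", "iodef", ...
    value: str      # CA domain, ";" meaning "no CA", or a report address

# Constructed records keyed by owner name (what a CAA query would return).
ZONE = {
    "example.com": [CAA(0, "issue", "ca-one.example"),
                    CAA(0, "issue", "ca-two.example"),
                    CAA(0, "issuewild", ";"),
                    CAA(0, "iodef", "mailto:security@example.com")],
    "locked.example.com": [CAA(0, "issue", ";")],
    "example.org": [CAA(0, "iodef", "mailto:security@example.org")],
    "example.net": [CAA(128, "futuretag", "x"),
                    CAA(0, "issue", "ca-one.example")],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_rrset(name, zone):
    """Climb from the name towards the root; the first non-empty CAA set wins."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if zone.get(owner):
            return owner, zone[owner]
    return None, []

def issuer_domain(value):
    """Drop parameters ("ca.example; account=123") and surrounding whitespace."""
    return value.split(";", 1)[0].strip().lower()

def may_issue(ca, name, zone=ZONE):
    """Return (allowed, reason) for CA `ca` and the requested certificate name."""
    wildcard = name.startswith("*.")
    owner, rrset = relevant_rrset(name[2:] if wildcard else name, zone)
    if not rrset:
        return True, "no CAA record: any CA may issue"
    # An unknown tag with the critical bit set forbids issuance outright.
    for rr in rrset:
        if rr.flags & 128 and rr.tag.lower() not in KNOWN_TAGS:
            return False, f"critical unknown tag '{rr.tag}' at {owner}"
    issue = [rr for rr in rrset if rr.tag.lower() == "issue"]
    issuewild = [rr for rr in rrset if rr.tag.lower() == "issuewild"]
    # For wildcard names, issuewild records replace issue records when present.
    rules = issuewild if (wildcard and issuewild) else issue
    if not rules:
        return True, f"CAA at {owner} does not restrict issuance"
    if any(issuer_domain(rr.value) == ca.lower() for rr in rules):
        return True, f"{ca} is authorized at {owner}"
    return False, f"{ca} is not authorized at {owner}"

if __name__ == "__main__":
    for ca, name in [("ca-one.example", "www.example.com"),
                     ("other-ca.example", "www.example.com"),
                     ("other-ca.example", "shop.example.io"),
                     ("ca-one.example", "*.example.com")]:
        print(ca, name, may_issue(ca, name))
```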

How to benefit from CAA for my company?

If it's not already done, the introduction of CAA checking is the opportunity for your company to define a certification strategy and to be able to ensure that it is complied with.

Defining one (or several) Certification Authorities that match your values and your expectations in terms of service quality is a first step.

This requires bringing the marketing stakeholders around the table to validate the impact on how websites are displayed, and the technical teams to verify the quality of the chosen provider. These CAA records then have to be declared in the different zones of your domain names.

It's then important to communicate with all the operational staff so that they are aware of the rules imposed within the company, so as not to block them when they need to obtain a certificate.

Indeed, Nameshield's experience shows that SSL certificates are often requested in a hurry; moreover, the latest browser versions are unforgiving of certificate errors and conspicuously display “not secure”. Consequently, blocking the issuance of a certificate because the communication didn't get through can be damaging.

Such a strategy brings real advantages for the control of certificates: in marketing, technical and risk control terms, and in the costs associated with certificates. It has to be conducted with full knowledge of the facts and, to do so, our team of SSL experts can assist you.

The American company Equifax, based in Atlanta and present in 24 countries, has fallen prey to a particularly worrying cyberattack.

Equifax collects and analyzes the personal data of customers applying for credit. At the beginning of September, the company revealed an intrusion into its database.

This hack potentially concerns around 143 million American customers and many other customers applying for credit in countries like Canada or Great Britain. The criminals exploited a flaw in a web application between mid-May and July. They obtained names, social security numbers, birthdates, addresses and some driving license numbers. This data theft is really worrying.

This information will facilitate identity fraud and account hacking. In the United States, the social security number is necessary to work, open a bank account or obtain a driving license, and usually to rent an apartment. Some data might even already be on sale on the Dark Web (the part of the Web not indexed by general search engines).

This attack strikes directly at the heart of Equifax's identity and activity. The company has set up a website (www.equifaxsecurity2017.com) and a phone number for its customers, and has engaged a security company to evaluate the damage.

Equifaxsecurity2017.com website

All companies should see this attack as a warning. This example is proof that companies can have difficulty seeing what is happening inside their own computer networks. New attacks, more sophisticated each day, increasingly go unnoticed.

Moreover, Equifax states that it discovered the attack on July 29th. However, customers were only informed at the beginning of September: an abnormal delay given how sensitive the data is. Today, those data have vanished into thin air.

This large-scale hack is far from being the first. Last year, the Yahoo group announced that one billion accounts had been hacked, while other American companies have also been the victims of hacking, like the Adult Friend Finder website or Target, the retail group. In those cases, however, the thieves didn't access social insurance numbers or driving licenses.

This attack only reinforces the need for companies to take into account, in their security strategy, all the flaws that could serve as an entry point for cybercriminals.

The 3 most common DNS attacks and how to defeat them

https://blog.nameshield.com/blog/2017/10/24/3-common-dns-attacks-defeat/

Tue, 24 Oct 2017 08:48:28 +0000

In October 2016, many popular websites like Amazon, Twitter, Netflix and Spotify became unavailable to millions of web users in the United States for almost 10 hours, i.e. an eternity. The cause: one of the most powerful attacks in Internet history, on the DNS services of Dyn, a major player in this sector.

Other companies like Google, The New York Times and many banks have also been the victims of different kinds of attacks targeting the DNS over the last few years, and while the DNS remains forgotten in many companies, things are evolving towards an awareness forced by these many attacks.

Attack #1: DNS cache poisoning and spoofing

The aim of DNS poisoning is to lead web users to a scam website. For example, a user enters gmail.com in their web browser to check their mailbox. Because the DNS has been poisoned, it's not the gmail.com page that is displayed but a scam page chosen by the criminal, in order, for example, to retrieve the mailbox credentials. Users who enter the correct domain name will not see that the website they're visiting is not the right one but a scam.

This creates a perfect opportunity for cybercriminals to use phishing methods to steal information, either identification information or credit card information, from unsuspecting victims. The attack can be destructive, depending on several factors, including the attacker's intention and the reach of the DNS poisoning.

How do the hackers strike? By exploiting the DNS cache system.

DNS caching is used throughout the web to speed up loading times and reduce the load on DNS servers. The cache of a web document (web page, images) is used to reduce bandwidth consumption and web server load (the tasks it carries out), or to improve browsing speed. A web cache keeps copies of the documents passing through it. Once a system queries the DNS server and receives an answer, it records the information in a local cache for faster reference during a given time, without having to look the information up again. The cache can answer later requests from its copies, without using the original web server.

This approach is used around the web routinely and in a chain. The records of one DNS server are used to cache records on another DNS server. That server is used to cache DNS records on network systems like routers. Those records are used to create caches on local machines.

DNS poisoning occurs when one of these caches is compromised.

For example, if a cache on a network router is compromised, then anyone who uses it can be misdirected to a fraudulent website. The false DNS records propagate to the DNS caches on each user's machine.

This attack can also target the upper links of the chain. For example, a major DNS server can be compromised. This can corrupt the caches of DNS servers managed by Internet service providers. The “poison” can spread to their customers' systems and network devices, which allows millions of people to be redirected to fraudulent websites.

Does it seem crazy to you? In 2010, many American web users couldn't access websites like Facebook and YouTube, because a DNS server of a high-level Internet service provider had accidentally retrieved records from the Great Firewall of China (the Chinese Government blocked access to these websites).

The antidote to this poison

DNS cache poisoning is very difficult to detect. It can last until the TTL (time to live, the validity period of a cached answer) expires on the cached data or until an administrator notices it and resolves the problem. Depending on the TTL duration, servers can take several days to resolve the problem by themselves.

The best methods to prevent a DNS cache poisoning attack include regularly updating the software, reducing TTL values and regularly flushing the DNS caches of local machines and network systems.
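To see why the TTL and cache flushing matter, the following added Python simulation (not part of the original article; the names, addresses and TTL values are constructed) models the cache chain described above, with an ISP resolver cache feeding a router cache, and measures how long clients keep receiving a forged record.

```python
# Added illustration: how long a forged record survives in a chain of DNS caches.
# All names, addresses and TTLs are constructed sample values.
GOOD, FORGED = "192.0.2.10", "203.0.113.66"
NAME = "mail.example"

class Authoritative:
    """Source of truth: always answers with the legitimate record."""
    def __init__(self, records):
        self.records = records                  # name -> (address, ttl)

    def lookup(self, name, now):
        return self.records[name]

class Cache:
    """Caching resolver: answers from its store until the entry's TTL runs out."""
    def __init__(self, upstream, max_ttl=None):
        self.upstream = upstream
        self.max_ttl = max_ttl                  # optional cap on accepted TTLs
        self.store = {}                         # name -> (address, expiry time)

    def lookup(self, name, now):
        hit = self.store.get(name)
        if hit and now < hit[1]:
            return hit[0], hit[1] - now         # serve with the remaining TTL
        address, ttl = self.upstream.lookup(name, now)
        if self.max_ttl is not None:
            ttl = min(ttl, self.max_ttl)
        self.store[name] = (address, now + ttl)
        return address, ttl

    def flush(self):
        self.store.clear()

def first_clean_answer(router_max_ttl, flush_isp_at, forged_ttl=86400, step=60):
    """Second at which a client behind the router first gets the real address again."""
    isp = Cache(Authoritative({NAME: (GOOD, 300)}))
    router = Cache(isp, max_ttl=router_max_ttl)
    # Starting state: the ISP cache already holds a forged entry with a long TTL.
    isp.store[NAME] = (FORGED, forged_ttl)
    for now in range(0, 2 * forged_ttl + step, step):
        if now == flush_isp_at:
            isp.flush()                         # administrator clears the bad cache
        address, _ttl = router.lookup(NAME, now)
        if address == GOOD:
            return now
    return None

if __name__ == "__main__":
    for cap, flush_at in [(None, 3600), (300, 3600), (300, None)]:
        print(f"router TTL cap={cap}, ISP flushed at={flush_at}: "
              f"clean again at t={first_clean_answer(cap, flush_at)}s")
```

With an uncapped router cache the forged answer outlives the ISP flush until its own TTL expires; with a 300-second cap the router recovers as soon as the ISP cache is flushed, but the cap alone changes nothing while the upstream cache stays poisoned.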

For the registries that allow it, implementing DNSSEC is the best solution to sign the domain names' zones along the whole chain and make a cache poisoning attack impossible.

Attack #2: Attack by DNS amplification (of DDoS type)

DNS amplification attacks are not threats against DNS systems themselves. Instead, they exploit the open nature of DNS services to reinforce the power of distributed denial of service (DDoS) attacks. These attacks are not among the lesser known, having targeted well-known websites like BBC, Microsoft, Sony…

Hold on and amplify

DDoS attacks generally occur with the help of a botnet. The attacker uses a network of malware-infected computers to send massive traffic to the target, such as a server. The purpose is to overload the target and slow it down or crash it.

Amplification attacks add more power. Instead of sending traffic directly from a botnet to a victim, the botnet sends requests to other systems. These systems answer by sending a larger volume of traffic to the victim.

DNS amplification attacks are the perfect example. The attackers use a botnet to send thousands of lookup requests to open DNS servers. The requests have a fake source address and are set up to maximize the quantity of data sent back by each DNS server.

The result: an attacker sends relatively limited quantities of traffic from a botnet and generates proportionally larger, or “amplified”, volumes of traffic from the DNS servers. The amplified traffic is directed at a victim, which causes the system to break down.

Detect and defend ourselves

Some firewalls can be set up to recognize and stop DDoS attacks as they occur by dropping the artificial packets trying to flood the systems on the network.
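From the side of a DNS server operator, reflected traffic shows up as one claimed source drawing far more response bytes than it sends. The following added Python example (not from the original article; the log format, addresses and thresholds are constructed assumptions) flags such sources in a query log and shows the effect of a per-source response limit.

```python
# Added example: spotting a likely reflection target in a DNS server's query log
# and estimating what a per-source response limit would let through.
# The log format, addresses and thresholds are constructed assumptions.
from collections import defaultdict

def build_sample_log():
    """Constructed log: (second, claimed source, qtype, query bytes, response bytes)."""
    log = []
    for second in range(10):
        log.append((second, "198.51.100.7", "A", 45, 61))       # ordinary client
        log.append((second, "198.51.100.8", "AAAA", 45, 73))    # ordinary client
        # 50 queries per second, all claiming one source, all drawing large answers
        log.extend((second, "203.0.113.9", "ANY", 64, 3200) for _ in range(50))
    return log

def per_source_totals(log):
    """Sum query count, bytes received and bytes sent back per claimed source."""
    totals = defaultdict(lambda: {"queries": 0, "bytes_in": 0, "bytes_out": 0})
    for _second, src, _qtype, q_bytes, r_bytes in log:
        entry = totals[src]
        entry["queries"] += 1
        entry["bytes_in"] += q_bytes
        entry["bytes_out"] += r_bytes
    return totals

def flag_reflection_targets(log, window_s, min_out_bps=100_000, min_factor=10.0):
    """Sources whose responses are both large in volume and many times their queries.

    Because the source address is forged, a flagged address is the probable
    victim of the flood, not the sender of the queries.
    """
    flagged = []
    for src, t in per_source_totals(log).items():
        factor = t["bytes_out"] / t["bytes_in"]      # amplification factor
        out_bps = t["bytes_out"] * 8 / window_s      # response bandwidth
        if factor >= min_factor and out_bps >= min_out_bps:
            flagged.append({"src": src, "factor": factor,
                            "out_bps": out_bps, "queries": t["queries"]})
    return sorted(flagged, key=lambda f: f["out_bps"], reverse=True)

def bytes_sent_with_limit(log, max_responses_per_s=5):
    """Response bytes per source if at most N responses per second are sent to it."""
    sent_this_second = defaultdict(int)
    bytes_sent = defaultdict(int)
    for second, src, _qtype, _q_bytes, r_bytes in log:
        if sent_this_second[(src, second)] < max_responses_per_s:
            sent_this_second[(src, second)] += 1
            bytes_sent[src] += r_bytes
    return dict(bytes_sent)

if __name__ == "__main__":
    sample = build_sample_log()
    for hit in flag_reflection_targets(sample, window_s=10):
        print(f"{hit['src']}: x{hit['factor']:.0f} amplification, "
              f"{hit['out_bps'] / 1e6:.2f} Mbit/s of responses")
    print(bytes_sent_with_limit(sample))
```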

Another way to fight these DDoS attacks consists in hosting your architecture on several servers. This way, if one server is overloaded, another one will still be available. If the attack is weak, the IP addresses sending the traffic can be blocked. Furthermore, increasing the server's bandwidth can allow it to absorb an attack.

Many dedicated solutions also exist, designed exclusively to fight DDoS attacks.

Attack #3: DDoS attack on DNS

DDoS attacks can be used against many types of systems, including DNS servers. A successful DDoS attack against a DNS server can cause an outage that leaves users unable to browse the web. (Note: users are likely to still reach websites they have recently visited, assuming the DNS record is stored in a local cache.)

This is what happened to Dyn's DNS services, as described at the beginning of this article. The DDoS attack overloaded the DNS infrastructure, preventing millions of people from accessing major websites whose domain names were hosted on it.

How to defend yourself against these attacks? It all depends on your DNS configuration.

For example, do you host your own DNS server? In this case, there are measures you can take to protect it, such as applying the latest patches and only allowing local computers to access it.

Are you perhaps trying to reach the attacked DNS server? In this case, it will probably be hard for you to connect. That's why it's wise to set up your systems to rely on more than one DNS server. This way, if the primary server stops answering, a backup server will be available.

Predict and reduce the attacks

Attacks on DNS servers are a major security risk for the network and have to be taken seriously. Companies, hosting providers and Internet service providers implement safeguards to prevent and reduce the effects of this kind of attack when they are the victims.

Following these attacks, ICANN has highlighted more strongly than ever the need to use the DNSSEC protocol to sign each DNS request with a certified signature, thereby ensuring its authenticity. The disadvantage of this technology is that it has to be implemented at every stage of the DNS protocol in order to operate properly, which is happening slowly but surely.

Opt for infrastructures hosted and maintained by DNS experts. Make sure that the network is anycast (multiple points of presence distributed around the world, or at least across your zones of influence), benefits from anti-DDoS filtering and offers additional security solutions like DNSSEC, but also failover, so that the DNS can be integrated into your business continuity plan (PCA) and disaster recovery plan (PRA).

Nameshield has its own DNS Premium infrastructure to meet its customers' needs. In particular, this infrastructure meets (and even exceeds) all ANSSI prerequisites. The DNS Premium solution is included in the scope of our ISO 27001 certification.

Don’t hesitate to contact us for all questions regarding cyberattacks.

DNS – the big forgotten of Internet

https://blog.nameshield.com/blog/2017/10/24/dns-big-forgotten-internet/

Tue, 24 Oct 2017 08:16:43 +0000

“DNS continues to be one of the most targeted Internet services, and it remains the Achilles heel of global Internet infrastructure. DNS was not only the most heavily abused protocol for reflection/amplification DDoS attacks this year, but an attack targeting a specific DNS provider was also the cause of the most widespread Internet outage of 2016 (Note: attack on the provider Dyn, which caused for about ten hours, the inaccessibility of a big part of Internet in the USA, particularly impacting Twitter, Ebay, Netflix, Amazon, Paypal… in October 2016).”

Arbor Network Infrastructure Security Report – June 2017

But what is the DNS?

Because people remember a name more easily than a number, and because this is even more true when visiting a website, where the choice is between a domain name and an IP address, the DNS was created to make life simpler: the Domain Name System (or Service).

For example: “I want to go to Google.com: my browser asks the DNS for the IP address of the web server hosting google.com, obtains it, then connects to it and downloads the page.”

The DNS is a public, decentralized and distributed database that associates domain names with IP addresses. It has existed since 1985. It can fairly be described as part of the Internet’s infrastructure, essential to its operation… and yet the DNS is invisible to the user.

The DNS has been massively adopted because it is practical. It simplifies users’ lives and allows them to easily identify, differentiate, locate, memorize and pass on the domain name of a website associated with a brand. It has also been adopted on the other side of the mirror, by network administrators, to identify and differentiate servers; this is even more true with IPv6, the multiplication of hosts and the arrival of the all-connected world. Last but not least, the DNS lets them change servers and IP addresses in complete transparency for the web user.

The DNS is omnipresent on the Internet. Everyone must be able to access it; otherwise, the Web stops working. This is what happened in 2016 to our American counterparts, who had to do without Twitter and frenetic shopping for almost 10 hours. The lost revenue and the damage to the brand image of the affected companies were significant.

But because it is invisible, everyone tends to forget it… and to remember it only when it is too late.

Strategic services relying on the DNS and the associated risks

Websites and email are two major services that systematically rely on DNS. Imagine that your website is unavailable for 1 minute, 10 minutes, 1 hour… and the consequences for your company: lost revenue, service discontinuity, damage to the brand image, loss of customers. Then consider the consequences of having no email over the same period…

These two services are potentially the most impacted, but others also systematically rely on DNS: VPN, VoIP, instant messaging… with consequences that are smaller but equally regrettable for the running of the company.

Attacks on DNS

Sadly, DNS servers are exposed to many potential attacks:

– Cache poisoning: making DNS servers believe they have received a valid answer to their request when it is in fact fraudulent. Once the DNS is poisoned, the cached information makes all users vulnerable (they are sent to a fake website).

– Man in the middle: the attacker alters the DNS server(s) of the parties in order to redirect their communication to the attacker without the parties realizing it.

– DDoS: DNS servers are more and more often targeted by DDoS attacks, in order to saturate them and prevent them from resolving the company’s key services.

All these attacks have the same consequence: the company’s traffic is hijacked or stopped.

The big forgotten

From the user’s point of view, the DNS doesn’t exist: they use the domain naming system to browse and send emails, and they have only one need, that it works.

From the company’s side the problem is different. It is usually a lack of information, a lack of awareness of the importance of the DNS and of the consequences of a service breakdown.

In most cases, companies do not really pay attention. They will spend a significant budget to register and manage domain names, to raise their visibility and to protect their brands, but will not dwell on the robustness of the DNS servers their provider puts at their disposal.

Good practice to implement: having a first-rate DNS infrastructure

First of all, consider whether your strategic domain names already receive particular attention in terms of DNS infrastructure. Strategic domain names are all those on which the traffic of the company’s key services relies: websites, email, VPN, instant messaging…

Acquiring your own DNS infrastructure is a solution that offers flexibility and control, but the costs of acquisition, management and maintenance on the one hand, and the complexity and required knowledge on the other, are often prohibitive or badly evaluated. It is usually easier to opt for an external DNS infrastructure, managed by a registrar, host or specialized provider. It is then appropriate to check what annual availability rate is guaranteed and how the provider applies good practice to achieve maximum availability.

To ensure high availability for your Internet services, it is essential to choose a highly available DNS solution that offers:

– The features needed for intensive DNS use;

– An anycast network, to reduce DNS resolution time and ensure optimal access time to your websites;

– A DNS infrastructure that is secured and stays available even under attack.

Conclusion

The DNS is not visible but it is everywhere. It ensures access to your key services through the resolution of your strategic domain names, it is potentially exposed to many attacks with disastrous consequences, and it too often lacks attention from companies. So… don’t forget about it and, if necessary, talk about it with your Nameshield partner.

Context:

Spain is divided into 17 autonomous communities, which cannot be compared to the administrative division of the regions. Indeed, these Spanish communities do not all have the same autonomy, and Catalonia, located in the North East, benefits from an autonomous status in effect since 2006.

Issue of October 1st

Last Sunday, the Catalan independent regional government organized a referendum on Catalonia’s independence among 7.5 million residents. This initiative has been quite badly received by the Spanish conservative government, which is seeking by any means to slow down, if not stop, the movement. For many media, this is one of the worst political crises of the last 40 years.

Like many territories or regions, Catalonia benefits from its own TLD: .CAT.

In France, Brittany, Corsica, Alsace and Paris also benefit from a dedicated extension, i.e. respectively .BZH, .CORSICA, .ALSACE and .PARIS.

Beside France, we can find .SCOT for Scotland, .EUS for Basque culture, .FRL for Friesland, etc.

June, 9th 2017

The referendum on Catalonia’s independence is announced. It will take place on October 1st. The question that the voters will have to respond to is the following: “Do you want Catalonia to be an independent state in the form of a Republic?”

September 13th 2017

Spanish law enforcement officers seize the electoral equipment.

September 15th 2017

Madrid, judging the Catalan referendum illegal, raided PuntCat, the registry managing .CAT, in order to cut off access to pro-independence websites, since these were hosted abroad. The registries of other territories expressed their dissatisfaction with this situation: .EUS and .SCOT have both communicated on the subject. To this day, while we can note the reactions of EFF and ISOC, neither the GeoTLD Group nor ICANN has communicated on this matter yet. Since the issue has been covered beyond Spain’s borders (an article in the NYT, for instance), it would seem natural for a first statement from ICANN to be published soon.

PuntCat, the .CAT registry, issued a statement on this incident and asked ICANN for help: “The show that we have experienced in our offices this morning has been shameful and degrading, unworthy of a civilized country. We feel helpless in the face of these immensely disproportionate facts”.

September 20th, 2017

Launch of “Operation Anubis”, aiming to prevent the referendum.

September 24th, 2017

Catalonia’s secretariat of telecommunications complains to the European Commission about the blocking of some websites in .CAT and the raid of the Catalan registry.

September 25th, 2017

Unable to take pro-independence websites down, the Spanish government blocks them.

October 1st, 2017

The vote takes place: 90% vote YES for independence, with a 42% participation rate.

October 4th, 2017

On the day this article is published, the Catalan government is expected to announce Catalonia’s independence.

Acquisition of Rightside by Donuts: What are the consequences on DPML Programs?

https://blog.nameshield.com/blog/2017/10/04/acquisition-rightside-by-donuts-consequences-on-dpml-programs/
Wed, 04 Oct 2017 13:28:19 +0000

When the new Internet extensions were launched, the operator Donuts, the biggest applicant for extensions (.services, .legal, .photos, .vin etc.), launched a specific protection program in addition to the TMCH.

The Donuts Protected Mark List (DPML) makes it possible to block third parties from registering a domain name similar to the brand under all the extensions managed by the registry.

For example, if the brand “iPhone” is registered in the TMCH (a prerequisite) and then in the DPML, no one can register <iphone.photos> or <iphone.services>, or the name under any of the other hundred Donuts extensions.

Other registries have also created protection programs similar to Donuts’ DPML, on more restricted perimeters. This was the case of Rightside, which managed the following 40 extensions:

Actually no. In fact, yes but no. These codes do not designate sectors of activity but territories, according to ISO 3166-1 alpha 2:

TV is for Tuvalu, a Polynesian state;

FM is for Federated States of Micronesia;

IO is for British Indian Ocean Territory.

Why such a mix of genres? In fact, domain names and geopolitics go hand in hand.

When you communicate with a .COM domain name, you trust Verisign, an American company. With a .FR, it’s the AFNIC! For the .TV, nothing to fear: this extension is technically delegated to Verisign. And for the .IO, let us say that the infrastructure is fairly resilient. Why mention this reality?

Simply because geopolitics shifts, and political events have frequently cut off domain name extensions. This is the case of .LY, which corresponds to Libya. Likewise, South-West professionals communicating in .SO ran into technical problems when Somalia cut its DNS infrastructure for some time.

So what can be done? This is precisely what is exciting in this intangible industry: although no guide is available to track geopolitical movements and their consequences on registries’ DNS availability in real time, Nameshield keeps you informed in real time.

Act 4: Reconstruction

With a myriad of new extensions open for registration, it was time to choose: register in .COM, .CM, .OM, .CO or .CAM? .FR or .FRL?

Registering in all the new extensions of course comes at a high cost and is no longer necessarily wise.

This is also why some brands have chosen a .BRAND: their own TLD, their own sovereignty, their own management rules! Many brands have opted for this configuration, and we can now see the blooming of .BNPPARIBAS, .ALSTOM, .SNCF, .LECLERC, .GOOGLE…

This reflection on .BRAND has sometimes been badly conducted: some brands, such as McDonald’s, have now abandoned their own TLDs. ICANN has a list of these TLDs, along with the very formal letters from the companies asking for the removal of their zone of trust, historically so costly. It reminds me of The Fallen Astronaut. We can say that the abandonment of these TLDs will help others to build themselves up. A good general uses the strength of the enemy, as Sun Tzu said!

These discontinuations show that the companies concerned have not yet seen the benefits they could draw from the costs of creating and managing a .BRAND. Others, more daring, have discovered the interest and/or imagine discovering new service opportunities giving them increased or even total control over their future infrastructure, where the stakes are high: Internet of Things, Industry 4.0…

Let’s wait for the first connected objects and the deployment of a real infrastructure around a resilient .BRAND, and we’ll see!

Trademarks identify a particular product or service and enable consumers to quickly identify the source of a given good. In order to meet this function they must be distinctive. Trademark law protects the owner’s right to use the trademark exclusively and prevent others using a mark that is confusingly similar. Use of an identical mark on the same product would be considered confusing and could clearly constitute infringement.

So far so good. But are you aware that the same standards exist for naming pedigree horses?

WorldFengur is the Icelandic committee in charge of the official register of the Icelandic horse breed. It has recently passed a rule stating that names must be of Icelandic heritage to be included in the official database. There are more than 400,000 horses registered across Europe and the USA. The two-person Horse Naming Committee has been set up to stop people giving obscene names to their horses, but mainly to ensure that the names respect Icelandic tradition and grammar rules. It seems that purchasers don’t want their Icelandic horses to have foreign names.

Other countries have naming rules for horses too. The British Horseracing Authority (BHA) controls the appropriateness of names when horses are added to their database. In addition to being available – like trademarks – there is a long list of criteria that applicants need to meet. Here are some of the restrictions on name availability:

Names of more than 18 characters, including signs or spaces

Names followed by one or more numbers or which start with a sign other than a letter

Names made up entirely of initials, or which include figures, hyphens, full-stops, commas, signs, exclamation marks, inverted commas, forward or back slash, colon and semi-colon

The name of a public person or names of commercial significance without the appropriate permission

Names considered in poor taste or which may cause offence.

Further, when applying to the BHA for your name approval you need to supply two proposed names in order of preference with an explanation of the origin or meaning of the name. This all sounds familiar – a bit like applying for a drug marketing authorisation. One fun difference is that there is a Horse Name Availability Search tool that will not only tell you if the name is free but will provide some great alternatives if not.

Glencoe is an “unforgettable place of dramatic mountains, rare beauty and haunting history” in the Scottish Highlands.

It is also a UK trademark, registered by several companies including The National Trust for Scotland. NTS’s 2016 trademark is registered for goods including beauty products, jewellery and clothing. A prior UK Glencoe mark protecting articles of clothing was registered in 1996 by Glenmuir Limited, a “family-run business dedicated to producing the finest golf wear” but it does not currently appear to be used on any articles of their clothing.

It is similarly the name that Hilltrek Outdoor Clothing gives to one of their hand crafted outdoor jackets.

The company, based in Aboyne, on the edge of the Highlands, has a 30 year history of manufacturing quality outdoor clothing. They have a long standing policy to name their jackets after some of their favourite places in Scotland. On the website you can find a link to a glossary providing information about the names and places used for their clothing.

Earlier this month Hilltrek owner Mr Shand received a cease & desist letter from NTS demanding they stop selling the Glencoe jacket. Mr Shand was surprised that a place name could be registered as a trademark. The Hilltrek website respects trademark rights, displaying the ® symbol next to several marks but not Glencoe.

The letter instructed Hilltrek to stop selling any goods bearing the name Glencoe immediately and refrain from using the name on any future products. Mr Shand published the letter that he found “bullying and threatening” on social media, saying that he would have understood and preferred a polite letter explaining the situation and asking for a dialogue.

This case raises several interesting points for consideration.

Is it right to register a place name, thereby blocking others from using it? NTS says that its aim is to protect the properties in its care and stop them being exploited. It encourages and supports local business but has contacted a number of companies using trademarked names which are not local, including businesses based in France.

It is important to show tact when defending your IP rights in cases such as this. Reacting too harshly can result, as in this case, in negative media attention for the complainant and a great advertising opportunity for the “infringer”.

Both points underline the necessity of obtaining professional advice from an experienced IP Counsel, whether you are defending a trademark or using one, even if you are not yet aware of it.

.BRAND: The importance of the digital strategy, or the McDonald’s case

https://blog.nameshield.com/blog/2017/08/17/brand-importance-digital-strategy-mcdonalds-case/
Thu, 17 Aug 2017 16:25:34 +0000

McDonald’s! The symbol of globalization: from the invention of the express service by the eponymous brothers to its successful franchising by Ray Kroc (I recommend the film ‘The Founder’), McDonald’s is an example of post-war entrepreneurial success. The BigMac, the Filet o’Fish? These are inventions of franchisees that headquarters agreed to roll out throughout the world. A model of innovation.

What about their digital strategy? When the Internet arrived and everyone was talking about it, a Wired reporter contacted McDonald’s to explain that Burger King could register mcdonalds.com. McDonald’s did not register it. The reporter then did so himself; the US firm tried to recover the name and ended up donating 3500USD to a school to buy computer equipment.

Once bitten, twice shy. As a result, McDonald’s created a preventive domain name registration policy: goldenarches.com, mcd.com, bigmac.com, …

Although RayKroc.com and mcdo.com were already cybersquatted, the implementation of a defensive registration policy had begun.

Thus, when the new gTLD program is launched in 2012, McDonald’s is a candidate and wins the .MCD and the .MCDONALDS (MCD is used internally for e-mail).

Illustration 1: Home page of NIC.MCD

Note how little the .MCD home page has been developed: it is limited to ICANN’s obligations regarding the presentation of the TLD.

Illustration 2: WHOIS of .MCDONALDS

The Whois service of the .MCDONALDS allows the identification of the owner, although, as presented in the file for ICANN, the .MCDONALDS is not intended to be an open extension.

What is interesting in the Whois is the joint management of different departments:

Among the company’s stated motivations for obtaining a .MCD and a .MCDONALDS, taken from a public document, we find the will to recreate confidence. McDonald’s highlights its gTLD, ccTLD and preventive registrations (.XXX, among others).

McDonald’s has many commitments:

provide an easy and intuitive reference and access point for internet users;

represent authenticity thus promoting user confidence;

direct internet users to locally relevant information and products;

use appropriate geographic names to connect with internet users in the relevant regions;

potentially use IDNs to enable customers to interact in their native language;

However, on May 2nd, 2017, a letter signed by Colin Mitchell, VP Global Brand Marketing, announced the end of both TLDs.

No reason is given to justify this request, and McDonald’s IP has not responded to requests for comment.

Illustration 3: The letter of McDonald’s

McDonald’s failed to make these two TLDs anything more than a trusted place for its websites: a .BRAND, yes, but it needs a real strategy for deployment and use.

In that light, creating a .BRAND with the sole purpose of defending intellectual property does not seem to be a successful tactic. The success of a .BRAND depends mainly on an effective strategy, and its development has to anticipate, far ahead, how it will be used and what it implies for digital and commercial communication.

A much awaited first report on DNS abuse in the new extensions

https://blog.nameshield.com/blog/2017/08/14/much-awaited-first-report-dns-abuse-new-extensions/
Mon, 14 Aug 2017 13:59:36 +0000

While the fate of 25 not yet delegated new extensions remains to be settled, which represents approximately 2% of all the extensions accepted during the current opening round, ICANN has just published a study on the proportion of DNS abuse in the new extensions launched after 2012.

The study was requested by the Competition, Consumer Trust and Consumer Choice Review Team (CCTRT), which is mandated by ICANN to examine the extent to which the introduction or expansion of generic extensions has promoted competition, consumer trust and consumer choice. In defining the parameters of the study, the CCTRT tried to measure the rates of the common forms of abusive activity in the domain name system, such as spamming, phishing and distribution of malware.

As a reminder, phishing is a technique used by swindlers to obtain personal information with the aim of committing identity theft.

What is the report based on?

The study was led by SIDN, the registry of the Netherlands’ extension, together with the University of Technology of Delft, also located in the Netherlands. It covered a period from 2014 to 2016, thanks to access to the zone files granted by ICANN to these two entities.

More than 40 million names were analyzed, of which 24 million were registered in the new extensions and 16 million in the historic generic extensions: .com, .net, .org, .biz and .info. For the new extensions, the study targeted those that offered a Sunrise phase for brand owners. It therefore ultimately concerned few .BRAND registries, since they are not required to hold Sunrise phases.

Both entities made their own measurements to detect abuse, and the data were cross-checked against eleven heterogeneous lists of domains and URLs identified as hostile, supplied by five specialized organizations.

What are the study’s conclusions?

Regarding phishing and malware distribution, the study shows that the proportions observed in the new extensions are converging with those in the historic generic extensions. However, the rates in the historic generic extensions tend to remain stable while those of the new extensions are increasing.

On the other hand, a strong disparity appears for spamming. At the end of 2016, the proportion of affected domains was almost ten times higher in the new generic extensions: 526 in 10,000 names against 56 in 10,000 names. Trends show a shift of cybercriminals towards the new extensions.

The analysis also shows that nearly half of the registrations identified in spamming activities on the three most affected new extensions come from known cybercriminals and from users blacklisted by Spamhaus. Spamhaus is a non-governmental international organization whose purpose is to trace spammers.

However, these phenomena do not concern all the new extensions: 36% did not encounter any abuse during the last quarter of 2016.

The study also shows that the operators that compete by lowering their prices in order to sell volume are the ones most used by cybercriminals. Besides competitive registration prices, other factors sought by cybercriminals include non-restrictive registration requirements and a variety of other registration options, such as a wide range of available payment methods and inclusive services such as DNS hosting or WHOIS masking.

What is the impact of the DNSSEC on abuses?

While the DNSSEC protocol is rapidly expanding, the entities appointed by ICANN to conduct this study also analyzed how the structural properties and the security measures implemented by the operators of new extensions influence domain abuse. As expected, DNSSEC plays a statistically significant role, which is an incentive to deploy the protocol more widely on more extensions. The extensions supporting DNSSEC are indeed less of a target for such practices.

What’s happening next?

The study is now open to public comments until September 19th. The entities that led it also intend to analyze in more detail the possible correlations between registration policies and abuse.

The CCTRT is then going to make recommendations to ICANN to stem the increase in DNS abuse, which ICANN can then turn into new obligations for registry operators. This time, however, all registry operators may be concerned, and thus also the .BRAND registries. NAMESHIELD is going to follow this subject closely.

On Wednesday, August 2nd, Digicert announced the acquisition of Symantec’s Website Security Business branch (including the SSL business and some other services). It is the direct consequence of the conflict that has opposed Symantec and Google for several months.

DigiCert’s Twitter account

You have certainly already heard about the disagreement between the two companies over a number of certificates issued by Symantec and the possible loss of trust in these certificates in upcoming versions of Chrome. A lot of information and many dates, sometimes contradictory, have circulated on this subject, and it can be tricky to evaluate the impact on your own certificates.

As a Symantec Platinum partner, Nameshield has followed the development of this case very closely to ensure that its customers and partners are not impacted and do not suffer a loss of trust in their browsers. The very latest developments lead us to communicate the following important information:

What happened?

Google and Symantec had a dispute in 2015: Symantec’s teams had used certificates as examples, often based on the CN google.com, actually issuing them and then deleting them afterwards. It was objectively a mistake, and Google sanctioned Symantec by making it compulsory to register all of its certificates in the Certificate Transparency database, which has since become the market standard and is mandatory for all Certification Authorities. This decision took effect on June 1st, 2016.

At the beginning of 2017, Google and Mozilla announced the discovery of 127 Symantec certificates with irregularities, leading to a thorough investigation by Google, which reportedly found nearly 30 000 impacted certificates. Google decided to sanction Symantec severely by reducing the certificates’ duration to 9 months and by removing the EV status of Symantec certificates within a very short period. Symantec reacted immediately by sanctioning the 4 partners who were at the root of the errors. Many discussions between the two groups, and with many important actors of the industry, have taken place since March 2017. Some of these publications, proposals and counter-proposals have created confusion.

These discussions have led Google and Symantec to an agreement on a method and a transition calendar towards a new PKI infrastructure for Symantec. Google officially communicated on this subject on Friday, July 28th. This communication can be consulted here.

Symantec has committed to creating a new PKI infrastructure in collaboration with a third party, to prove its good faith, meet Google’s transparency requirements and maintain the high degree of trust the group has always enjoyed among web users. This infrastructure change will take place on December 1st, 2017 and will require the replacement (or, where applicable, the renewal) of all existing certificates for the Symantec, Thawte, Geotrust and RapidSSL brands. This extended deadline will allow a smooth transition, without impact on web users.

Since August 2nd, we know that this trusted third party will thus be Digicert.

What Calendar?

Google distinguishes Symantec certificates issued before June 1st, 2016 from those issued after this date (mandatory registration in Certificate Transparency). The loss of trust in these two categories of certificates will arrive with two different versions of Chrome, hence the following calendar:

– Category 1: Certificates issued before June 1st, 2016 will have to be replaced (or renewed*) between December 1st, 2017 and March 15th, 2018 (arrival of the Chrome 66 beta).

– Category 2: Certificates issued between June 1st, 2016 and November 30th, 2017 will have to be replaced (or renewed*) between December 1st, 2017 and September 13th, 2018 (arrival of the Chrome 70 beta).

The urgency that various market actors may have communicated is therefore not warranted.

*Anticipated renewal: a renewal can be done up to 90 days before the expiration date of a certificate, without reducing the duration of the newly issued certificate.

Are you impacted?

Yes you are, if you hold certificates issued under one of the Symantec brands (Symantec, Thawte, Geotrust, RapidSSL), through Nameshield or through other providers you may be working with. All that remains is to sort them into the two categories mentioned above. We can help you identify any impacted certificates and sort them into the right categories, in order to plan the actions to carry out from December 1st, 2017.
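The sorting described above, as an added example (not Nameshield's, Symantec's or Google's tooling). It takes certificate dictionaries in the layout returned by Python's `ssl.SSLSocket.getpeercert()`; the inventory, host names and issuer strings are constructed sample data, and recognising a brand by substring in the issuer name is an assumption.

```python
import ssl
from datetime import date, datetime, timezone

# Brands named in the article, matched case-insensitively in the issuer
# organisation and common name (substring matching is an assumption).
SYMANTEC_BRANDS = ("symantec", "thawte", "geotrust", "rapidssl")

# Dates taken from the calendar in the article.
CT_MANDATORY = date(2016, 6, 1)     # Certificate Transparency compulsory
NEW_PKI_START = date(2017, 12, 1)   # issuance moves to the new infrastructure
CAT1_DEADLINE = date(2018, 3, 15)   # Chrome 66 beta
CAT2_DEADLINE = date(2018, 9, 13)   # Chrome 70 beta


def issuer_fields(cert):
    """Flatten getpeercert()'s nested issuer tuples into a plain dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def cert_date(text):
    """Convert a time such as 'Jun  1 00:00:00 2016 GMT' to a UTC date."""
    seconds = ssl.cert_time_to_seconds(text)
    return datetime.fromtimestamp(seconds, tz=timezone.utc).date()


def classify(cert):
    """Return brand, category (1, 2 or None), deadline and a status string."""
    issuer = issuer_fields(cert)
    names = " ".join(
        issuer.get(field, "") for field in ("organizationName", "commonName")
    ).lower()
    brand = next((b for b in SYMANTEC_BRANDS if b in names), None)
    result = {"brand": brand, "category": None, "deadline": None}
    if brand is None:
        result["status"] = "not a Symantec-brand certificate"
        return result

    issued = cert_date(cert["notBefore"])
    if issued >= NEW_PKI_START:
        result["status"] = "issued after the infrastructure change"
        return result

    if issued < CT_MANDATORY:
        result["category"], result["deadline"] = 1, CAT1_DEADLINE
    else:
        result["category"], result["deadline"] = 2, CAT2_DEADLINE

    # A certificate that expires before its deadline is caught by renewal.
    if cert_date(cert["notAfter"]) <= result["deadline"]:
        result["status"] = "expires before the deadline"
    else:
        result["status"] = "replace before the deadline"
    return result


def replacement_plan(inventory):
    """List affected (host, result) pairs, earliest deadline first."""
    rows = [(host, classify(cert)) for host, cert in inventory]
    affected = [(host, row) for host, row in rows if row["category"] is not None]
    return sorted(affected, key=lambda item: (item[1]["deadline"], item[0]))


def _cert(org, cn, not_before, not_after):
    """Build a constructed certificate dict in getpeercert() layout."""
    issuer = ((("countryName", "US"),), (("organizationName", org),),
              (("commonName", cn),))
    return {"issuer": issuer, "notBefore": not_before, "notAfter": not_after}


# Constructed inventory: hosts, issuer names and dates are sample data.
SAMPLE_INVENTORY = [
    ("www.example.com", _cert("Symantec Corporation", "Sample Symantec CA",
                              "Mar  3 00:00:00 2016 GMT", "Mar  3 23:59:59 2019 GMT")),
    ("mail.example.com", _cert("thawte, Inc.", "Sample thawte CA",
                               "Jun  1 00:00:00 2016 GMT", "Jun  1 23:59:59 2018 GMT")),
    ("shop.example.com", _cert("GeoTrust Inc.", "Sample RapidSSL CA",
                               "Nov 30 12:00:00 2017 GMT", "Nov 30 12:00:00 2019 GMT")),
    ("api.example.com", _cert("GeoTrust Inc.", "Sample GeoTrust CA",
                              "Dec  1 00:00:00 2017 GMT", "Dec  1 00:00:00 2019 GMT")),
    ("intranet.example.com", _cert("Example Trust Services", "Example Issuing CA",
                                   "Jan 10 00:00:00 2016 GMT", "Jan 10 00:00:00 2019 GMT")),
]

if __name__ == "__main__":
    for host, row in replacement_plan(SAMPLE_INVENTORY):
        print(f"{row['deadline']}  category {row['category']}  {host}"
              f"  ({row['brand']}, {row['status']})")
```

Feeding it the dictionaries collected from live endpoints with `getpeercert()` gives the same per-host category and deadline for a real inventory.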

And Digicert in all this?

Digicert is an American company whose current market share is 2.2% of the world market, according to the latest W3tech report. The company is renowned for the quality of its authentication team’s work and for its conformity with the CAB Forum’s Baseline Requirements. Digicert has been growing steadily for several years on solid values and manages the certificate portfolios of very important companies and websites around the world.

Digicert will become a major player in the certificate market by taking over Symantec’s 14% share of the global market and, more interestingly, the 40% market share in EV certificates and 30% in OV certificates that Symantec represents.

On paper, this acquisition is good news for all Symantec customers. It is a guarantee of continuity in the quality of the services provided, and a guarantee of a successful transition towards the new PKI infrastructure requested by Google. What remains is to watch Digicert’s ability to keep to the calendar imposed by Google; we will monitor this closely.

What does Nameshield think of this?

Nameshield has trusted Symantec and its teams for several years: on the one hand for its quality of service, which allows us to provide you with a first-class service, and on the other for the brand image and the trust this group has built with web users. The handling of this Google/Symantec crisis does not call into question the trust we have in this partner, whose support remains irreproachable.

Furthermore, we have been in contact with Digicert for a few months to extend our portfolio of solutions, and we welcome this acquisition announcement as positive news for our customers and partners, confident in the continuity of the services we can offer you. The trust you place in us is paramount, and if you want to move in a different direction, Nameshield remains at your service to propose alternatives.